Abstract

In this thesis we give an algebraic characterization of the syntax and semantics of simply-typed languages. More precisely, we characterize simply-typed binding syntax equipped with reduction rules via a universal property, namely as the initial object of some category.

We specify a language by a 2-signature (Σ, A), that is, a signature on two levels: the syntactic level Σ specifies the sorts and terms of the language, and associates a sort to each term. The semantic level A specifies, through inequations, reduction rules on the terms of the language. To any given 2-signature (Σ, A) we associate a category of "models" of (Σ, A). We prove that this category has an initial object, which integrates the terms freely generated by Σ and the reduction relation on those terms generated by A. We call this object the programming language generated by (Σ, A).

Initiality provides an iteration principle which allows one to specify translations on the syntax, possibly to a language over different sorts. Furthermore, translations specified via the iteration principle are by construction type-safe and faithful with respect to reduction.

To illustrate our results, we consider two examples extensively: firstly, we specify a double negation translation from classical to intuitionistic propositional logic via the category-theoretic iteration principle. Secondly, we specify a translation from PCF to the untyped lambda calculus which is faithful with respect to reduction in the source and target languages.

In a second part, we formalize some of our initiality theorems in the proof assistant Coq. The implementation yields a machinery which, when given a 2-signature, returns an implementation of its associated abstract syntax together with a certified substitution operation, an iteration operator and a reduction relation generated by the specified reduction rules.



Résumé

In this thesis we give an algebraic characterization of the syntax and semantics of simply-typed languages. More precisely, we characterize simply-typed syntax with variable binding, equipped with reduction rules, via a universal property, namely as the initial object of a category.

We specify a language by a 2-signature (Σ, A), that is, a signature on two levels: the syntactic level Σ specifies the types and terms of the language, and associates a type to each term. The semantic level A specifies, via inequations, reduction rules on the terms of the language. To each given 2-signature (Σ, A) we associate a category of "models" of (Σ, A). We prove that this category has an initial object, which integrates the terms freely generated by Σ and the reduction relation on those terms generated by A. We call this object the language generated by (Σ, A).

Initiality provides an iteration principle which allows one to specify translations on the syntax, possibly to a language over different types. Moreover, translations specified via this iteration principle are faithful with respect to typing and reduction.

To illustrate our results, we consider two examples in detail: firstly, we specify a translation from classical to intuitionistic propositional logic via the categorical iteration principle. Secondly, we specify a translation from PCF to the untyped lambda calculus which is faithful with respect to the reductions of the source and target languages.

In a second part, we formalize some of our initiality theorems in the proof assistant Coq. The implementation provides a machinery which, given a 2-signature, returns an implementation of its associated syntax, equipped with a certified substitution operation, an iteration operator and a reduction relation generated by the specified reduction rules.
Extended Summary

In this thesis we give an algebraic characterization of the syntax and semantics of simply-typed languages. More precisely, we characterize simply-typed syntax with variable binding, equipped with reduction rules, via a universal property, namely as the initial object of a category.

Initial Semantics

Initial Semantics characterizes the terms of a language associated to a signature S as the initial object of a category, whose objects we will call the semantics of S, which provides a concise, high-level definition of the abstract syntax associated to S. More precisely, the following ingredients are used:

Signature. A signature specifies, in an abstract and concise way, the syntax and semantics of a language.

Category of representations. To each signature S we associate a category of "models" of that signature, which we will call representations of S.

Initiality. In this category of representations of S, we exhibit the initial object, the language generated by S.

The motivations for Initial Semantics are twofold: firstly, Initial Semantics provides a categorical definition, via a universal property, of the syntax and semantics freely generated by a signature. Secondly, initiality gives rise to an iteration operator which allows one to specify, economically and conveniently, morphisms (translations) from the initial object to other languages.

Depending on the "richness" of the language one wants to specify, one needs an adapted notion of signature and, consequently, of representation of that signature. The features considered in this thesis are:

Variable binding. We consider binding constructions at the level of terms, such as lambda abstraction.

Typing. We consider simple type systems, such as the simply-typed lambda calculus and, via the Curry-Howard isomorphism, propositional logic (cf. Sect. 3.4).

Reduction. We consider semantics in the form of reduction rules on terms, such as beta reduction,

    $(\lambda x.M)\,N \leadsto M[x := N]$ .

For the integration of each of the above features, the notions of signature and representation need to be adapted to account for the increasing amount of information that must be supplied to specify a language.

One of our goals is to use Initial Semantics to address the following question: we want to translate from one language to another, possibly over different sets of types, using a universal categorical construction. This construction should take into account as much "structure" as possible. By this we mean that the translation considered should, by construction, be compatible with, for instance, the typing and the reduction of the source and target languages.

Contributions

In this thesis we give, via a universal property, an algebraic characterization of simply-typed syntax equipped with semantics in the form of reduction rules. More precisely, given a signature, which specifies the types and terms of a language, and a set of inequations over this signature, which specify reduction rules, we characterize the terms of the language associated to this signature, equipped with the reduction rules according to the given inequations, as the initial object of a category of "models".

Our starting point is work on initiality for untyped syntax by Hirschowitz and Maggesi [HM07a], and its extension to simply-typed syntax by Zsidó [Zsi10]. First we extend Zsidó's theorem [Zsi10, Chap. 6] to account for varying sets of types (cf. Chapt. 3). Then we integrate reduction rules into the purely syntactic initiality result of Hirschowitz and Maggesi [HM07a], cf. Chapt. 4. Finally we obtain our main theorem, which accounts for varying types as well as reduction rules, by combining the two aforementioned results, cf. Chapt. 5.

Furthermore, for the untyped case, we provide a proof of our result formalized in the proof assistant Coq, which yields a machinery that, given a signature for terms and a set of inequations, produces the abstract syntax associated to this signature, equipped with the reduction relation generated by the inequations. For the simply-typed case, we formalize the instance of our main result (cf. Thm. 5.21) for the signature of the programming language PCF [Plo77].

We now describe our contributions in detail:
A variant of Zsidó's theorem

In her thesis [Zsi10, Chap. 6], Zsidó proves an initiality theorem for the abstract syntax associated to a simply-typed signature. However, the models she considers, among which the abstract syntax is initial, are all models over the same set of types. Hence the iteration principle obtained from initiality does not allow the specification of a translation to a language over a different set of types. We adapt her theorem by introducing typed signatures. A typed signature (S, Σ) specifies a set of types via an algebraic signature S, together with a set of simply-typed terms over these types via a term signature Σ over S.

A representation R of such a typed signature is then given by a representation of its signature S for types in a set T = T_R, together with a representation of Σ in a monad, also called R, on the category $\mathrm{Set}^T$. A morphism of representations P → R consists of a morphism f between the underlying representations of S, and a morphism of representations of Σ which is compatible, in a suitable sense, with the "translation of types" f. We prove that the category of representations of (S, Σ) thus defined has an initial object, which integrates the types freely generated by S and the terms freely generated by Σ, typed over the types of S. Our definition of morphisms ensures that, for any translation specified via the iteration principle, the translation of terms is compatible with the translation of types with respect to the typing of the source and target languages.

Untyped syntax and reduction rules

To integrate reduction rules into our initiality results, we define the notion of 2-signature. A 2-signature (Σ, A) is given by a (1-)signature Σ which specifies the terms of a language, and a set A of inequations over Σ. Intuitively, each inequation specifies a reduction rule, for instance the beta rule.

The models, or representations, of such a 2-signature are built from relative monads and modules over relative monads: given a 1-signature Σ, we define a representation of Σ as being given by a relative monad over the suitable functor Δ : Set → Pre (cf. Def. 2.13), together with a suitable morphism of modules (over relative monads) for each arity of Σ. Given a set A of inequations over Σ, we define a satisfaction predicate for the models of Σ; we call a representation of (Σ, A) any representation of Σ that satisfies each inequation of A. This predicate specifies a full subcategory of the category of representations of Σ. We call this subcategory the category of representations of (Σ, A). We prove that this category has an initial object, which is constructed by equipping the initial representation of Σ, given by the terms freely generated by Σ, with a suitable reduction relation generated by the inequations of A.

With this initiality theorem for (Σ, A) we obtain a new iteration principle, and every translation specified via this principle is, by construction, compatible with the reduction relations of the source and target languages.

Main theorem: simple type systems and reductions

Finally, we combine the two aforementioned theorems to obtain an initiality result that accounts for our main example, a translation from PCF to the untyped lambda calculus. More precisely, we define a (typed) 2-signature as being given by a typed signature (S, Σ), together with a set A of inequations over (S, Σ) which specifies reduction rules.

We define a category of representations of this 2-signature and prove that this category has an initial object. This initial representation integrates the types and terms freely generated by (S, Σ), the terms being equipped with a reduction relation generated by the inequations of A.

A machine implementation for the specification of syntax and semantics

The aforementioned theorems are made to be implemented in a proof assistant. Such an implementation allows the specification of syntax and reduction rules via 2-signatures, providing a highly automated machinery for producing syntax equipped with a certified substitution and an iteration principle.

We prove the theorem for untyped syntax with reduction rules described above in the proof assistant Coq [Coq10]. As an illustration, we describe how to obtain the lambda calculus with beta reduction via initiality.

Furthermore, we formalize an instance of the main theorem, also in Coq. More precisely, we define the category of representations of the typed signature of PCF with reductions and prove that this category has an initial object. We then give a representation of this signature in the relative monad of the lambda calculus with beta reduction, ULC_β, which yields a translation from PCF to ULC. Instructions on how to obtain the complete source code of our Coq library are available at

http://math.unice.fr/laboratoire/logiciels.
Introduction

Motivation: translations from PCF to ULC

As an introductory example, we consider translations from PCF, introduced by Plotkin [Plo77], to Church's lambda calculus [Chu36]. A detailed description of both languages is given in Appx. A. These two languages are paradigmatic in the sense that PCF can be seen as a high-level language equipped with a type system, whereas the lambda calculus represents a low-level untyped language.

We specify a map f from the set of terms of PCF to the lambda calculus as in Fig. 1.1 (cf. [Pho93]), with a function g from the constants of PCF to lambda terms, e.g., g(T) := λxy.x, and lambda calculus constants, e.g.,

    $\Theta := (\lambda x.\lambda y.(y(xxy)))\,(\lambda x.\lambda y.(y(xxy)))$   (Turing's fixed point combinator) and
    $\Omega := (\lambda x.xx)(\lambda x.xx)$ .

Of course, different translations exist; for instance, one could translate Fix to a different fixed point combinator.

In this thesis we present a categorical framework for the specification of such translations from one language to another. The challenges are:

• the different sets of types of the source and target languages, and

• integrating the compatibility of such translations with the structure (substitution and reduction) of the source and target languages.

We define a category in which languages such as PCF and ULC are objects, and in which a translation as described above is a morphism f : PCF → ULC. More precisely, in the category we construct, the translation f is an initial morphism f : PCF → ULC, that is, its source PCF is the initial object. There are several possible translations from PCF to ULC, and the morphism f : PCF → ULC cannot be initial in a category whose objects are "only" languages, for otherwise we would have f = f' for every translation f' : PCF → ULC. Hence the objects in the category we construct are languages with additional structure, which allows us to distinguish initial morphisms f, f' : PCF → ULC,

    $(\mathrm{PCF}, \varphi) \xrightarrow{\;f\;} (\mathrm{ULC}, \psi) .$

In this category, initiality of (PCF, φ) yields the following iteration principle: specifying an iterative translation f : PCF → ULC is equivalent to specifying the "additional structure" ψ on the lambda calculus ULC.

A natural question is whether, or rather in what sense, the translation f specified in Fig. 1.1 is compatible with the respective reductions of the source and target languages. Phoa [Pho93] answers this question; in particular, the translation f is faithful in the sense that

    $t \twoheadrightarrow_{\mathrm{PCF}} t' \text{ implies } f(t) \twoheadrightarrow_{\beta} f(t') .$

In this thesis we provide a categorical framework that allows one to specify, via a universal property, such faithful translations between languages with binding over different sets of types.



Example: Peano axioms

We introduce the notions of signature and representation through the example of the natural numbers; we give the signature of the natural numbers together with the associated category of representations. As signature, we consider the following assignment of arities to constructors:

The natural numbers are built from two constructors, namely an operator of arity 0, say z (the constant zero), together with a unary operator, say s (the successor function). We write 𝒩 := {z : 0, s : 1} for this signature.

A representation of the signature 𝒩 is given by a triple (X, Z, S) of a set X with a constant Z ∈ X and a unary operation S : X → X. A morphism to another triple (X', Z', S') is given by a map f : X → X' such that

    $f(Z) = Z' \quad\text{and}\quad f \circ S = S' \circ f .$

This category has an initial object (ℕ, Zero, Succ) given by the natural numbers ℕ equipped with the constant Zero = 0 and the successor map Succ : ℕ → ℕ.

Variable binding

The following techniques are frequently used to model variable binding:

• Nominal syntax using named abstraction (A being a set of atoms), e.g.,

    $\lambda : [A]T \to T$

• Higher-Order Abstract Syntax (HOAS), e.g.,

    $\lambda : (T \to T) \to T$

  and its weak variant, e.g.,

    $\lambda : (A \to T) \to T$

• Nested data types as presented by [BM98], e.g.,

    $\lambda : T(X + 1) \to T(X)$

The encoding via nested data types differs from the other techniques in that here the set of terms T is parametrized by a context. Thus T(X) denotes the set of terms of the language T with free variables in the set X. The set X + 1 corresponds to a context extended by one additional free variable, which will be bound by the lambda constructor.

Example: We represent the lambda calculus as a nested data type: consider the inductive type ULC : Set → Set:

    Inductive ULC (V : Type) : Type :=
      | Var : V -> ULC V
      | Abs : ULC (option V) -> ULC V
      | App : ULC V -> ULC V -> ULC V.

For syntax with binding, arities must carry information about the binding behaviour of the associated constructor. We specify arities as lists of natural numbers. The length of a list specifies the number of arguments of a constructor, and its i-th component gives the number of variables the constructor binds in its i-th argument. The signature Λ of ULC is given by

    Λ := {app : [0, 0] , abs : [1]} .

The map V ↦ ULC(V) is functorial: for f : V → W, the map ULC(f) : ULC(V) → ULC(W) renames each free variable v ∈ V of a term to f(v), which yields a term with free variables in W. Thus the signature Λ must be represented in functors F : Set → Set instead of sets, and one considers natural transformations instead of maps.






Substitution

We want to integrate as much structure as possible into our category of "models". One such structure is capture-avoiding substitution of free variables. For this, we consider not plain functors F : Set → Set, but monads on the category Set of sets. A monad is a functor equipped with additional structure, which we explain using the example of the lambda calculus. The map V ↦ ULC(V) comes with a capture-avoiding simultaneous substitution operation: let V and W be two sets (of variables) and f a map f : V → ULC(W). Given a lambda term t ∈ ULC(V), we replace each free variable v ∈ V in t by its image under f, which yields a term t' ∈ ULC(W). Furthermore, we consider the constructor Var_V as a "variable-as-term" map, indexed by a set of variables V,

    $\mathrm{Var}_V : V \to \mathrm{ULC}(V) .$

Altenkirch and Reus [AR99] observe that the monad structure captures these two operations and their properties: substitution and variables-as-terms make ULC a monad on the category of sets.

The monad structure of ULC should be compatible in some sense with the constructors Abs and App of ULC: substitution distributes over the constructors. To capture this distributivity, Hirschowitz and Maggesi [HM07a] consider modules over a monad (cf. Def. 2.43), which generalize monadic substitution, and morphisms of modules, which are natural transformations compatible with module substitution. Indeed, the maps

    $\mathrm{ULC} : V \mapsto \mathrm{ULC}(V) ,$
    $\mathrm{ULC}' : V \mapsto \mathrm{ULC}(V + 1) \quad\text{and}$
    $\mathrm{ULC} \times \mathrm{ULC} : V \mapsto \mathrm{ULC}(V) \times \mathrm{ULC}(V)$

are the underlying maps of such modules (cf. Exs. 2.45, 2.46), and the constructors Abs and App are morphisms of modules (cf. Exs. 2.47, 2.74).
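The following is an added example in Python; it is not code from the thesis or from its Coq library. It implements the nested-data-type encoding of ULC from the previous section together with the two monad operations just described, functorial renaming and capture-avoiding simultaneous substitution, derives beta reduction from them, and then specifies a translation f of the kind sketched in the Introduction, restricted to a binder-free fragment of PCF (variables, the constants T and F, the conditional, Fix and application). That fragment, its tuple encoding and the representation of the option type V + 1 (None for the bound variable, ("up", v) for a weakened variable v) are assumptions made for the example; Fix is translated to Turing's combinator Θ and the booleans to Church booleans, as in the Introduction. The last function checks Phoa's faithfulness property, t ⇝_PCF t' implies f(t) ↠_β f(t'), for a single root step of PCF.

```python
# Added example (not from the thesis): ULC as a nested data type over Python
# values.  A term over V + 1 uses None for the bound variable and ("up", v) for
# a variable v weakened from V, mirroring Coq's `option V`.
from dataclasses import dataclass
from typing import Any, Callable, Optional, Union

@dataclass(frozen=True)
class Var:
    v: Any                      # a free variable from the context V
@dataclass(frozen=True)
class Abs:
    body: "Term"                # a term over V + 1
@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"
Term = Union[Var, Abs, App]

def up(x: Any) -> tuple:        # inclusion V -> V + 1 (`Some` of the option type)
    return ("up", x)

def rename(f: Callable[[Any], Any], t: Term) -> Term:
    """Functor action ULC(f): replace each free variable v by f(v)."""
    if isinstance(t, Var):
        return Var(f(t.v))
    if isinstance(t, Abs):      # f + 1: keep the bound variable, map the others
        return Abs(rename(lambda x: None if x is None else up(f(x[1])), t.body))
    return App(rename(f, t.fun), rename(f, t.arg))

def subst(f: Callable[[Any], Term], t: Term) -> Term:
    """Monadic bind: simultaneous substitution along f : V -> ULC(W).  Under a
    binder each image of f is weakened along `up`, so capture is impossible."""
    if isinstance(t, Var):
        return f(t.v)
    if isinstance(t, Abs):
        return Abs(subst(lambda x: Var(None) if x is None else rename(up, f(x[1])), t.body))
    return App(subst(f, t.fun), subst(f, t.arg))

def beta(redex: App) -> Term:
    """(lambda. body) arg  ~>  body[None := arg]: one beta contraction."""
    return subst(lambda x: redex.arg if x is None else Var(x[1]), redex.fun.body)

def step(t: Term) -> Optional[Term]:
    """Leftmost-outermost step of the compatible closure of beta, or None."""
    if isinstance(t, App) and isinstance(t.fun, Abs):
        return beta(t)
    if isinstance(t, Abs):
        b = step(t.body)
        return None if b is None else Abs(b)
    if isinstance(t, App):
        f = step(t.fun)
        if f is not None:
            return App(f, t.arg)
        a = step(t.arg)
        return None if a is None else App(t.fun, a)
    return None

def reduces_to(t: Term, u: Term, fuel: int = 50) -> bool:
    """t ->>_beta u along the leftmost-outermost path (reflexive, transitive)."""
    while t is not None and fuel > 0:
        if t == u:
            return True
        t, fuel = step(t), fuel - 1
    return t == u

# Closed images of PCF constants: Church booleans and Turing's combinator Theta.
TRUE = Abs(Abs(Var(up(None))))          # lx.ly.x, the image g(T)
FALSE = Abs(Abs(Var(None)))             # lx.ly.y, the image g(F)
_A = Abs(Abs(App(Var(None), App(App(Var(up(None)), Var(up(None))), Var(None)))))
THETA = App(_A, _A)                     # (lx.ly.y(xxy)) (lx.ly.y(xxy))

# Binder-free PCF fragment as nested tuples (assumed encoding for the example):
# ("var", x), ("T",), ("F",), ("cond", c, a, b), ("fix", t), ("app", s, t).
def pcf_step(t: tuple) -> Optional[tuple]:
    """Root PCF rules: cond T a b ~> a, cond F a b ~> b, fix t ~> t (fix t)."""
    if t[0] == "cond":
        return {("T",): t[2], ("F",): t[3]}.get(t[1])
    if t[0] == "fix":
        return ("app", t[1], t)
    return None

def translate(t: tuple) -> Term:
    """The iterative translation f, fixed by its images on PCF's constructors."""
    tag = t[0]
    if tag == "var":
        return Var(t[1])
    if tag in ("T", "F"):
        return TRUE if tag == "T" else FALSE
    if tag == "app":
        return App(translate(t[1]), translate(t[2]))
    if tag == "cond":
        return App(App(translate(t[1]), translate(t[2])), translate(t[3]))
    if tag == "fix":
        return App(THETA, translate(t[1]))
    raise ValueError(f"unknown PCF constructor {tag!r}")

def faithful(t: tuple) -> bool:
    """Phoa's property for one root step: t ~> t' implies f(t) ->>_beta f(t')."""
    t2 = pcf_step(t)
    return t2 is None or reduces_to(translate(t), translate(t2))
```

Because the bound variable is a structural position rather than a name, `subst` cannot capture: substituting x := y into λy.x, that is `subst(lambda v: Var("y"), Abs(Var(up("x"))))`, returns `Abs(Var(up("y")))`, a free y under the binder. The weakening `rename(up, ...)` applied under Abs is the module structure of ULC' : V ↦ ULC(V + 1) at work. For the Fix rule, `faithful(("fix", ("T",)))` holds because Θ g reaches g (Θ g) in exactly two beta steps, so the single PCF step is matched by a two-step beta reduction, which is what "faithful with respect to reduction" requires.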



Types

Type systems exist with varied features, from simply-typed syntax to syntax with dependent types, polymorphism, etc. By simply-typed syntax we mean non-polymorphic syntax whose set of types is independent of the set of terms, that is, the type constructors take only types as arguments.

In more sophisticated type systems, types may depend on terms, which leads to more complex definitions of arities and signatures. This work treats only simply-typed languages, such as the simply-typed lambda calculus or PCF. We will call the underlying set of types the object types.

The purpose of typing is to classify terms according to certain criteria. For instance, one might ask whether a term is of function type, and thus can be applied to another term. Once such a classification is in place, one can use the typing information to filter terms by their types, keeping only the terms of the desired type.

One way to add types would be to integrate them into the terms, as in "λx : N. x + 4". For simple type systems, however, one can separate the universes of types and terms and regard typing as a map from terms to types, which gives typing a simple mathematical structure.

How can we ensure that our terms are well-typed? Although we separate types from terms, we want to maintain a tight integration of typing into the term construction process, in order to avoid building ill-typed terms. Separating terms and types seems to contradict this goal. The answer is to consider not a single set of terms with a typing map to the set, say T, of types, but a family of sets indexed by the set T of object types. Term constructors can thus choose which terms they accept as arguments. We also consider free variables as being equipped with an object type. In other words, we consider terms not over a set of variables, but over a family of sets of variables, indexed by the set of object types. Put yet another way, we consider a context as given by a family $(V_t)_{t \in T}$ of sets, where $V_t := V(t)$ is the set of variables of type t. We illustrate our point of view with the example of the simply-typed lambda calculus TLC:

Example: Let

    $T_{\mathrm{TLC}} ::= * \mid T_{\mathrm{TLC}} \leadsto T_{\mathrm{TLC}}$

be the set of types of the simply-typed lambda calculus. The set of lambda terms with free variables in V is given by the following inductive family:

    Inductive TLC (V : T -> Type) : T -> Type :=
      | Var : forall t, V t -> TLC V t
      | Abs : forall s t, TLC (V + s) t -> TLC V (s ~> t)
      | App : forall s t, TLC V (s ~> t) -> TLC V s -> TLC V t.

where $V + s := V + \{*_s\}$ is the extension of the context by one variable of type $s \in T_{\mathrm{TLC}}$, the variable that will be bound by the constructor Abs(s, t). The variables s and t range over the set $T_{\mathrm{TLC}}$ of types. The signature of the simply-typed lambda calculus is given in Exs. 3.23 and 3.47. The preceding paragraph on monads and modules applies to the simply-typed lambda calculus when sets are replaced by families of sets indexed by $T_{\mathrm{TLC}}$: the simply-typed lambda calculus can be equipped with a monad structure (cf. Ex. 2.37)

    $\mathrm{TLC} : \mathrm{Set}^{T_{\mathrm{TLC}}} \to \mathrm{Set}^{T_{\mathrm{TLC}}} .$

The constructors of TLC are morphisms of modules (cf. Exs. 2.61, 2.56, 2.60).

This way of defining precisely the well-typed terms by organizing them in a family of sets parametrized by the object types is called intrinsic typing [BHKM11], as opposed to extrinsic typing, where one first defines a set of raw terms, which is then filtered via a typing predicate. Intrinsic typing delegates object typing to the type system of the meta language, such as Coq in Ex. 1.3. Thus the meta type system (e.g. Coq) sorts out ill-typed terms automatically: writing such a term produces a type error at the meta level.

Moreover, the intrinsic encoding comes with a more convenient recursion principle; a map to another type system can be given by specifying its image on well-typed terms. Using extrinsic typing, a map on terms would have to be specified on the set of raw terms, including ill-typed ones, or only on well-typed terms by supplying an additional propositional argument expressing the fact that the term is well-typed. Benton et al. give a detailed account of intrinsic typing [BHKM11].

Reductions

The semantics of a programming language describes how programs of that language are evaluated. For functional languages such as those considered in this thesis, evaluation is done by reductions. For instance, the evaluation of the term 7 + 5 of an arithmetic language to its value 12 is done by a series of reductions, whose precise form depends on the semantics of the language. Typical rules specifying how terms reduce are given in Sect. A.2 for the lambda calculus and PCF.

Given a set A of reduction rules, one can consider the relation generated by these rules. More precisely, following Barendregt and Barendsen [BB94], we consider several closures of these rules:

Propagation into subterms. A relation R is called compatible if it is closed under propagation into subterms, i.e. if for every constructor f of arity n and every 1 ≤ i ≤ n,

    $M \leadsto_R N \;\Rightarrow\; f(x_1, \dots, x_{i-1}, M, x_{i+1}, \dots, x_n) \leadsto_R f(x_1, \dots, x_{i-1}, N, x_{i+1}, \dots, x_n) .$

Reduction. A relation R is a reduction relation if it is compatible, reflexive and transitive.

Equivalence. A relation R is a congruence if it is a compatible equivalence relation.

To the set A of rules we associate three relations generated by A, namely the smallest relations containing A that are a compatible relation, a reduction relation and a congruence, respectively. We write these relations, in this order, as $\to_A$, $\twoheadrightarrow_A$ and $=_A$.

In this thesis we consider the reduction relation generated by a set of rules. Compared to the congruence, it lacks a symmetry rule, which, although adequate for mathematical reasoning, yields a relation that is too coarse from the point of view of computation. As Girard writes [GTL89], while the congruence generated by A emphasizes the static viewpoint of mathematics, the reduction relation associated to A emphasizes the dynamic viewpoint of computation.

In order to account for reductions, we consider functors and monads whose codomain is not the category of (families of) sets, but of (families of) preordered sets. The definition of monad requires the underlying functor to be an endofunctor, but we do not want to consider preordered contexts: what would the meaning of such a preorder be? The restriction to endofunctors was lifted by Altenkirch et al. [ACU10] by introducing relative monads. A relative monad is given by a functor, not necessarily an endofunctor, together with two operations very similar to the monadic operations variables-as-terms and substitution. We thus consider, for instance, the lambda calculus as a relative monad which associates, to each set X of variables, a preordered set of lambda terms ULC(X), where the preorder on ULC(X) is given by the reduction relation $\twoheadrightarrow_\beta$ generated by the beta rule of Disp. (A.2.1), cf. Ex. 2.85.
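An added example in Python, not from the thesis, that computes the three relations defined above over first-order terms: `compatible_steps` enumerates the compatible closure →_A, `reduces` decides the reduction relation ↠_A by search, and `congruent` decides the congruence =_A. The rule set A is constructed for the example from the Peano signature of the Introduction, {z : 0, s : 1}, extended by a binary `add` constructor with two rewrite rules; the tuple encoding of terms and the rules are assumptions of the example. The caveat a practitioner should keep in mind is built in: `congruent` compares normal forms, which is a correct decision procedure for =_A only because this rule set is confluent and terminating, whereas ↠_A is checked directly and is visibly not symmetric.

```python
# Added example (not from the thesis): the relations ->_A, ->>_A and =_A
# generated by a set A of rules on first-order terms.  Terms are nested tuples
# (constructor, arg_1, ..., arg_n); a rule maps a term to its contractum, or
# to None when it does not apply at the root.
from typing import Callable, Iterator, List, Optional, Sequence

Term = tuple
Rule = Callable[[Term], Optional[Term]]

def root_steps(rules: Sequence[Rule], t: Term) -> Iterator[Term]:
    """Contractions of t by a rule of A applied at the root."""
    for rule in rules:
        u = rule(t)
        if u is not None:
            yield u

def compatible_steps(rules: Sequence[Rule], t: Term) -> Iterator[Term]:
    """One step of ->_A, the compatible closure of A: a root contraction or a
    step inside the i-th argument (M ->_R N implies f(..M..) ->_R f(..N..))."""
    yield from root_steps(rules, t)
    for i in range(1, len(t)):
        for u in compatible_steps(rules, t[i]):
            yield t[:i] + (u,) + t[i + 1:]

def reduces(rules: Sequence[Rule], t: Term, u: Term, limit: int = 10_000) -> bool:
    """t ->>_A u: reflexive-transitive closure of ->_A, by exhaustive search over
    at most `limit` distinct terms.  No symmetry: u ->>_A t is a separate question."""
    seen, todo = {t}, [t]
    while todo and len(seen) <= limit:
        s = todo.pop()
        if s == u:
            return True
        for s2 in compatible_steps(rules, s):
            if s2 not in seen:
                seen.add(s2)
                todo.append(s2)
    return False

def normal_form(rules: Sequence[Rule], t: Term, fuel: int = 10_000) -> Term:
    """Rewrite (leftmost-outermost) until no rule applies; assumes termination."""
    for _ in range(fuel):
        nxt = next(compatible_steps(rules, t), None)
        if nxt is None:
            return t
        t = nxt
    raise RuntimeError("no normal form reached within fuel")

def congruent(rules: Sequence[Rule], t: Term, u: Term) -> bool:
    """t =_A u, decided by comparing normal forms.  Correct only when A is
    confluent and terminating (true for Peano addition below); for an
    arbitrary A the congruence cannot be decided this way."""
    return normal_form(rules, t) == normal_form(rules, u)

# Sample signature and rules (constructed): Peano numerals from the
# Introduction's signature {z : 0, s : 1}, plus a binary `add` with the rules
#   add(z, n)    ->  n
#   add(s(m), n) ->  s(add(m, n))
ZERO: Term = ("z",)
def S(n: Term) -> Term: return ("s", n)
def add(m: Term, n: Term) -> Term: return ("add", m, n)
def num(k: int) -> Term: return ZERO if k == 0 else S(num(k - 1))

def add_zero(t: Term) -> Optional[Term]:
    return t[2] if t[0] == "add" and t[1] == ZERO else None

def add_succ(t: Term) -> Optional[Term]:
    return S(add(t[1][1], t[2])) if t[0] == "add" and t[1][0] == "s" else None

PEANO_ADD: List[Rule] = [add_zero, add_succ]
```

With these rules, `reduces(PEANO_ADD, add(num(2), num(3)), num(5))` holds but `reduces(PEANO_ADD, num(5), add(num(2), num(3)))` does not, while `congruent` identifies the two terms: this is exactly the symmetry rule that separates the static congruence from the dynamic reduction relation discussed above. The search in `reduces` is bounded by `limit` because the compatible closure of an arbitrary rule set need not terminate.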
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Conclusions et Travaux Ulterieurs 



We summarize the contributions of this thesis and discuss further work.



Contributions

We have proved an initiality result for simply-typed syntax equipped with reduction
rules. The categorical iteration principle obtained from the universal property of
initiality is general enough to allow the specification of translations from the
representation of terms to typed languages over different sets of types.

We have characterized binding syntax with reductions, for example the lambda calculus
with beta reduction, as a relative monad over the functor Δ (cf. Ex. 2.85), which
encodes not only commutativity properties of substitution, but also its monotonicity
in the first-order argument. A further monotonicity property, for the higher-order
argument, can be ensured by a suitable strengthening of the definition of relative
monad in a 2-categorical setting, cf. Rem. 2.86. We have also transferred the
definition of module over a monad, and several constructions of modules, to modules
over relative monads.

Next, we have proved several theorems in the proof assistant Coq: firstly, we have
implemented Zsidó's initiality theorem [Zsi10, Chap. 6], summarized in this work for
reference in Sect. 3.2. Secondly, we have proved the theorem of Chapt. 4, providing
a tool which, given a 2-signature (Σ, A), generates the syntax associated to Σ,
equipped with the reduction relation generated by the inequations of A. Thirdly, we
have proved an instance of our main theorem, Thm. 5.21 of Chapt. 5, for the particular
2-signature of the programming language PCF, equipped with reduction rules as in
Fig. A.4. The representation of the signature of PCF in the monad of the untyped
lambda calculus with beta reduction yields an executable translation from PCF to ULC
which is certified to be compatible with substitution and reduction in the source and
target languages.

Further Work

In the future, we hope to prove and implement initiality theorems for richer type
systems. In particular, we would like to take into account dependent types and
polymorphism, two important steps towards certified software and code reuse,
respectively.

Furthermore, the modelling of semantics should be improved so as to allow reasoning
about important properties such as termination.

As mentioned above, the implementation of initiality results in a proof assistant can
serve as a framework for research on programming languages and logics. For this
reason, we envisage the implementation, in a proof assistant, of Thm. 5.21 in full
generality.

We present these aspects in detail:

More fine-grained modelling of reduction  Given a 2-signature (a signature with a
set of inequations), the models of this 2-signature have so far mainly been functors
which associate, to each set "of variables", a preordered set, intuitively a model
of the "terms" over that set of variables¹. The preorder ≤ on such a model
corresponds to the reduction relation on this model, that is, the "term" t reduces
to t' if and only if t ≤ t'.

Modelling reductions via preorders may be considered too coarse in several respects:

• different reductions may lead from one term to another. However, the use of
preorders for modelling reductions does not allow one to distinguish two
reductions with the same source and target.

• The hard-coded reflexivity rule makes it difficult to reason about normalization,
in particular termination.

Instead of considering preordered sets (indexed by sets of free variables) as models
of a 2-signature, it would be interesting to consider a structure which allows a more
fine-grained treatment of reduction, such as graphs or categories. In other words, one
could build models of a 2-signature from relative monads into the category of graphs
or of (small) categories. Using this new definition of model, one could envisage
proving an initiality theorem analogous to the one already proved, and using the
additional structure obtained by working with graphs or categories to reason about
the properties mentioned above.

¹ We ignore the typed case for now, which is analogous.
Inequations, syntactically  Fiore and Hur [FH10] develop a syntactic theory of
equations over a higher-order signature, which allows one to prove soundness and
completeness with respect to the models of the signature and the equations. Similar
techniques should allow us to present our inequations syntactically. Besides the
obvious goal of soundness and completeness, such a syntactic presentation would also
facilitate the specification of reductions in the Coq implementation: in particular,
it would be possible to specify reductions without any knowledge of categorical
concepts.

A minimal goal would be to have a data type, depending on the underlying
1-signature, which allows the specification of the usual half-equations, mainly
obtained by substitution and by composing arities, e.g. app ∘ (abs × id). To a term
of this data type one could associate a family of module morphisms, which form the
carrier of a half-equation: the algebraic properties (being a module morphism, which
corresponds to the compatibility between substitution and meta-substitution in
[FH10]) could be proved once and for all by induction.

More sophisticated type systems  New programming languages are equipped with
increasingly sophisticated type systems: dependent types allow one to ensure
properties of the results of a function, and thus the reliable composition of
functions. Polymorphism allows code reuse in diverse situations. An algebraic
characterization, via a universal property, of such sophisticated type systems with
variable binding does not yet exist. We hope to generalize our initiality results to
take such type systems into account.

A larger class of arities  The initiality theorems obtained so far take into account
arities, that is, term constructors, of a rather simple nature: the only operations
considered are the product, for constructors taking several arguments, and context
extension, for modelling variable binding.

More general term constructors should be taken into account. Hirschowitz and Maggesi
[HM12] have introduced a notion of strengthened arity which allows, for example, the
treatment of a flattening constructor μ : T ∘ T → T. Finally, we hope to find a
simple and very general criterion for arities and signatures for which an initial
model can be constructed.

A certified research tool  The results obtained should, as has already been done for
untyped syntax with reductions, be implemented in a proof assistant such as Coq. In
this way, an initiality theorem can be used as a practical tool for experimenting
easily with different languages. Changing a language would correspond simply to
changing its specifying signature, and all data and properties, such as certified
substitution and the iteration principle, but also reductions, would be provided by
the system. For this implementation on the machine, and in order to have appropriate
reduction rules, we also wish to obtain, automatically, a reduction function r in
addition to the reduction relation. This reduction function could then be validated
with respect to the relation, in the sense that one could prove that for each term
t, we have t ≤ r(t).
1. Introduction



In this thesis we give a characterization, via a universal property, of the syntax and
semantics of simply-typed languages with variable binding. More precisely, we characterize
the terms and sorts associated to a signature, equipped with reduction rules, as the initial
object in some category. Via the iteration principle stemming from initiality, translations
between languages, possibly over different sets of sorts, can be specified in a convenient
and economical way. Furthermore, translations thus specified are ensured to be faithful
with respect to reduction in the source and target languages, as well as compatible in a
suitable sense with substitution on either side.



1.1. Motivation: Translations from PCF to ULC 

As an introductory example, consider translations from the programming language PCF, 
introduced by Plotkin [Plo77], to the untyped lambda calculus ULC, invented by Church 
[Chu36]. A detailed account of both languages is given in Appx. A. These two languages 
are paradigmatic in the sense that PCF may be considered a rather high-level language, 
equipped with a type system, whereas the untyped lambda calculus represents a low- 
level, untyped language. We specify a map f from the set of PCF terms to the set of
lambda terms as in Fig. 1.1 (cf. [Pho93]), with a suitable function g from the set of
constants of PCF to lambda terms, e.g., g(T) := λxy.x, and suitable constants of the
lambda calculus, e.g.,

Θ := (λx.λy.(y(xxy))) (λx.λy.(y(xxy))) (Turing fixed point combinator) and
Ω := (λx.xx)(λx.xx) .

    f(c)        = g(c)
    f(x_A)      = x
    f(s@t)      = f(s)@f(t)
    f(λx.M)     = λx.f(M)
    f(Fix_A(M)) = Θ@f(M)

Figure 1.1.: Translation from PCF to ULC

Of course, different such translations exist; for instance, one may choose to translate Fix
to a different fixed point combinator, or one chooses a different representation g' for the
constants of PCF in the lambda calculus, yielding a different translation f' : PCF → ULC.

In this thesis we present a category-theoretic framework to specify such translations
from one language to another. The challenges are

• the varying sets of sorts in source and target languages¹ and

• to capture compatibility of such translations with structure — such as substitution 
and reduction — in the source and target languages. 

We construct a category in which "languages such as PCF and ULC are objects", and
in which the above translation f : PCF → ULC is a morphism. As it turns out, the
preceding sentence is imprecise and needs to be refined: more precisely, in the category
we construct the translation f is an initial morphism f : PCF → ULC, that is, its source
PCF is the initial object. Now, as we have seen, there are several possible translations
from PCF to the lambda calculus, and the above translation f : PCF → ULC cannot be
an initial morphism in a category where objects are "just" languages — otherwise we
would have f = f' for any translation f' : PCF → ULC. Thus the objects in the category
we construct are not just languages, but languages with additional structure, allowing us
to distinguish different initial morphisms f, f' : PCF → ULC,

    f : (PCF, φ) → (ULC, ψ) .

In this category initiality of (PCF, φ) yields the following iteration principle: specifying
an iterative translation f : PCF → ULC is equivalent to specifying the "extra structure"
ψ of the lambda calculus ULC. We do not yet explain what this additional structure,
here denoted φ, ψ and ψ', looks like, but refer instead to Sect. 1.2.1 for an instructive
example.

A natural question then is whether — or better, in what sense — the translation f
specified in Fig. 1.1 is compatible with the respective reductions in the source and target
languages. Phoa [Pho93] gives an answer to this question; in particular, the translation
f is faithful in the sense that

t ↠_PCF t' implies f(t) ↠_β f(t') .

¹ Here we consider untyped languages to be single-sorted.

In this thesis we provide a category-theoretic framework which allows to specify, via a 
universal property, such faithful translations between languages with variable binding 
over different sets of sorts. 

1.2. Initial Semantics 

Initial Semantics characterizes the terms of a language associated to a signature S as the 
initial object in some category — whose objects we call Semantics of S — , yielding a 
concise, high-level, definition of the abstract syntax associated to S. In more detail, the 
following "ingredients" are used: 

Signature A signature specifies abstractly and concisely the syntax and semantics of a 
language. 

Category of Representations To any signature S we associate a category of "models" 
of that signature, the objects of which we call representations of S. 

Initiality In this category of representations of S we exhibit the initial object, the 
language generated by S. 

The motivation for Initial Semantics is twofold: firstly, Initial Semantics provides a
category-theoretic definition — via a universal property — of the syntax and semantics
freely generated by a signature. Secondly, initiality yields an iteration operator which
allows for an economical and convenient specification of morphisms — translations — from
the initial object to other languages.

Depending on the "richness" of the language we want to define, we need a suitable 
notion of signature and, accordingly, of representation of that signature. The language 
features we consider in this thesis are the following: 

Variable binding We consider binding constructors on the term level, such as lambda 
abstraction. 

Typing We consider simple type systems, such as the simply-typed lambda calculus and, 
via the Curry-Howard isomorphism, propositional logic (cf. Sect. 3.4). 

Reduction We consider semantics in form of reduction rules on terms, such as beta
reduction,

(λx.M)N ⇝ M[x := N] .

For the integration of each of the features above, the notions of signature and representation
have to be adapted to accommodate the increasing amount of information which
must be given to uniquely specify a language.

One of our goals is to use Initial Semantics in order to treat the last question of the 
preceding section: we would like to translate from one language into another — possibly 
over different sets of sorts — , using a universal, category-theoretic construction. This 
construction should take into account as much "structure" as possible. By this we mean 
that the translations under consideration should by construction be compatible, for 
instance, with typing and reduction in the source and target language. A more in-depth 
description of those structures is given in Sects. 1.2.3, 1.2.4, 1.2.5 and 1.2.6. 

In Sect. 1.2.1 we explain the notion of signature and representation for a simple 
inductive data type, the natural numbers. The following sections sketch the changes that 
have to be made in order to integrate variable binding, substitution, typing and reduction 
rules, respectively. In Sect. 1.3 we summarize the contributions of this thesis, whereas in 
Sect. 1.4 we give a section-wise overview of its contents. 

1.2.1. Example: Peano Axioms 

We introduce the notion of signature and representation using the example of the natural 
numbers; in line with the triple structure mentioned at the beginning of Sect. 1.2, our 
goal is to give a signature for the natural numbers and to associate to it a category of 
representations whose initial object is given by the natural numbers. 

As a suitable signature, consider the following map from a two-element set to the natural
numbers:

𝒩 := {z ↦ 0 , s ↦ 1} .

Intuitively, it says that the natural numbers are built from two constructors, namely a
0-ary operator (i.e. a constant), say, z — the zero constant — and a unary operator, say,
s — the successor function.

A representation of the signature 𝒩 is given by a triple (X, Z, S) of a set X together
with a constant Z ∈ X and a unary operation S : X → X. A morphism to another such
triple (X', Z', S') is a map f : X → X' such that

f(Z) = Z' and f ∘ S = S' ∘ f . (1.2.1)

This category has an initial object (N, Zero, Succ) given by the natural numbers N equipped
with the constant Zero = 0 and the successor function Succ : N → N.

Initiality of N gives a way to specify iterative functions [Ven00] from N to any set X by
equipping X with a constant Z ∈ X and a unary map S : X → X, i.e. making the set X the
carrier of an object (X, Z, S) of the category of representations of 𝒩. A different choice
of Z' ∈ X and S' : X → X yields a different iterative map N → X.



Put differently, reading Disp. (1.2.1) dynamically rather than statically, i.e. as a reduc- 
tion from left to right rather than as equations, shows that functions on the initial object 
N can be defined by pattern matching, where the right-hand side of the matching must 
obey a particular form. 

1.1 Remark Digression on Natural Numbers Object: The very same definition is also used
to define a natural numbers object in any category 𝒞 with a terminal object 1; just replace
Z ∈ X and S : X → X by morphisms z : 1 → X and s : X → X in 𝒞. More precisely, we
call natural numbers object the triple (N : 𝒞, Zero : 1 → N, Succ : N → N) if, for any
triple (X, z, s) of an object X ∈ 𝒞 and morphisms z and s as above, there exists a unique
morphism f : N → X such that the following diagrams commute:

[Diagram: f ∘ Zero = z : 1 → X and f ∘ Succ = s ∘ f : N → X.]

For details we refer to Mac Lane and Moerdijk's book [MLM92].



1.2.2. Initial Algebras

The term "Initial Algebra" is best explained using another viewpoint, where a signature is
given by a signature functor Σ : Set → Set. The category in question then is the category
Σ-Alg of algebras of the functor Σ, that is, the category whose objects are pairs (X, f) of
a set X and a map f : ΣX → X. A morphism to another such algebra (Y, g) is given by a
map h : X → Y such that

[Diagram: the square with edges Σh : ΣX → ΣY, f : ΣX → X, g : ΣY → Y and h : X → Y,
i.e. h ∘ f = g ∘ Σh,]

commutes. The example of Sect. 1.2.1 is equivalently given by the signature functor
𝒩 : X ↦ 1 + X, with initial algebra

[Zero, Succ] : 1 + N → N .

Another example is that of lists (of finite length) of a given type A: let F(X) := 1 + A × X.
The initial F-algebra is given by the set [A] of lists over A,

[nil, cons] : 1 + A × [A] → [A] .
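The signature of Sect. 1.2.1 and its reading as an initial algebra in Sect. 1.2.2, carried out in Coq as an added example; this is not code from the thesis or its formalization, and the record NatRep, its field names, the lemma names and the sample representation Double are choices made here. A representation is a record, iter is the iterative map out of the natural numbers, the two equations of Disp. (1.2.1) hold by computation, and iter_unique is the uniqueness half of initiality, proved by induction; alg packages Z and S into the copairing [Z, S] : 1 + X → X of the functor viewpoint, with 1 + X encoded as option X.

```coq
(* Added example (not from the thesis): representations of the signature
   {z |-> 0, s |-> 1} as a record, the iteration principle, and a proof that
   the iterative map is the unique morphism out of the natural numbers. *)

Record NatRep : Type := {
  carrier : Type;
  Z : carrier;                 (* interpretation of the constant z *)
  Sc : carrier -> carrier      (* interpretation of the unary operator s *)
}.

(* The initial representation: the natural numbers with 0 and S. *)
Definition NatInit : NatRep := {| carrier := nat; Z := 0; Sc := S |}.

(* The iteration principle: the map nat -> carrier R determined by (Z, Sc). *)
Fixpoint iter (R : NatRep) (n : nat) : carrier R :=
  match n with
  | 0 => Z R
  | S m => Sc R (iter R m)
  end.

(* Both equations of Disp. (1.2.1) hold by computation. *)
Lemma iter_Z (R : NatRep) : iter R 0 = Z R.
Proof. reflexivity. Qed.

Lemma iter_S (R : NatRep) (n : nat) : iter R (S n) = Sc R (iter R n).
Proof. reflexivity. Qed.

(* Initiality: any map g satisfying (1.2.1) coincides with iter R. *)
Lemma iter_unique (R : NatRep) (g : nat -> carrier R)
  (hz : g 0 = Z R) (hs : forall n, g (S n) = Sc R (g n)) :
  forall n, g n = iter R n.
Proof.
  induction n as [| m IH].
  - exact hz.
  - simpl. rewrite hs, IH. reflexivity.
Qed.

(* Viewpoint of Sect. 1.2.2: a representation is an algebra of X |-> 1 + X,
   with 1 + X encoded as option X and the structure map the copairing [Z, S]. *)
Definition alg (R : NatRep) (o : option (carrier R)) : carrier R :=
  match o with
  | None => Z R
  | Some x => Sc R x
  end.

(* A different choice of (Z, S) on the same carrier nat yields a different
   iterative map: with Z := 0 and S := (fun x => x + 2) it is doubling. *)
Definition Double : NatRep := {| carrier := nat; Z := 0; Sc := fun x => x + 2 |}.

Example double_three : iter Double 3 = 6 := eq_refl.
```

The proof of iter_unique is the "reading (1.2.1) dynamically" of the text: the two hypotheses hz and hs are the pattern-matching clauses, and induction on n shows they leave no freedom.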
1.2.3. Adding Variable Binding

When passing to syntax with variable binding, the question of how to model binding 
arises. The following representations of binding are among the most frequently used: 

• Nominal syntax using named abstraction (A being a set of atoms), e.g., 

A : [A]T -> T 

• Higher-Order Abstract Syntax (HOAS), e.g., 

A : (T -> T) -> T 

and its weak variant, e.g., 

A : (A -» T) -» T 

• Nested Data Types as presented in [BM98], e.g., 

A : T(X + 1) -> T(X) 

Note that the encoding via nested data types differs conceptually from the others in that 
here the set T of terms is parametrized explicitly by a context, i.e. a setX of variables 
possibly appearing freely in the terms of T(X). Thus T(X) denotes the set of terms of the 
language T with free variables in the set X. The set X + 1 corresponds to an extended 
context with one additional free variable, which is bound in the abstracted term. It is 
usually implemented through an inductive data type (option in Ocaml or the Maybe 
monad in Haskell) — whence the term "Nested". It is also known under the name 
"Heterogenous data type" [AR99]. 

1.2 Example: We represent the untyped lambda calculus as a nested data type as done,
e.g., by Bird and Paterson [BP99]: consider the following inductive type ULC : Set → Set
of terms of the untyped lambda calculus²:

    Inductive ULC (V : Type) : Type :=
      | Var : V -> ULC V
      | Abs : ULC (option V) -> ULC V
      | App : ULC V -> ULC V -> ULC V.

For syntax with binding, arities need to carry information about the binding behaviour
of their associated constructor. One way to define such arities is using lists of natural
numbers. The length of a list then indicates the number of arguments of the constructor,
and the i-th entry denotes the number of variables that the constructor binds in the i-th
argument. Continuing Ex. 1.2, the signature Λ of ULC is given by

Λ := {app : [0,0] , abs : [1]} .

The map V ↦ ULC(V) is in fact functorial: given a map f : V → W, the map ULC(f) :
ULC(V) → ULC(W) renames any free variable v ∈ V in a term by f(v), yielding a term
with free variables in W. Accordingly, the signature Λ should be represented in functors
F : Set → Set instead of in sets, and natural transformations take the place of maps.

² We use "Set" synonymously to "Type". Note however, that types behave differently from sets in some
aspects. In particular, given two (propositionally) equal types A = B and a : A, we do not have a : B.

1.2.4. Adding Substitution

As mentioned at the beginning of Sect. 1.2, we would like to integrate as much structure
as possible into our category of "models". One such structure is (capture-avoiding)
substitution of free variables. To account for substitution, we consider not plain functors
F : Set → Set as in the preceding paragraph, but instead monads on the category Set
of sets. Monads are functors equipped with some extra structure, which we explain
by the example of the untyped lambda calculus. The map V ↦ ULC(V) comes with a
(capture-avoiding) simultaneous substitution operation: let V and W be two sets (of
variables) and f be a map f : V → ULC(W). Given a lambda term t ∈ ULC(V), we can
replace each free variable v ∈ V in t by its image under f, yielding a term t' ∈ ULC(W).
Furthermore we consider the constructor Var_V as a "variable-as-term" map, indexed by
a set of variables V,

Var_V : V → ULC(V) .

Altenkirch and Reus [AR99] observed that the well-known algebraic structure of monad
captures those two operations and their properties: substitution and variable-as-term
map turn ULC into a monad (Def. 2.65) on the category of sets.

The monad structure of ULC should be compatible in a suitable sense with the constructors
Abs and App of ULC: substitution distributes over constructors. To capture this
distributivity Hirschowitz and Maggesi [HM07a] consider modules over a monad (cf.
Def. 2.43) — which generalize monadic substitution — , and morphisms of modules —
which are natural transformations that are compatible with the module substitution in a
suitable sense. Indeed, the maps

ULC       : V ↦ ULC(V) ,
ULC'      : V ↦ ULC(V + 1) and
ULC × ULC : V ↦ ULC(V) × ULC(V)

are the underlying maps of such modules (cf. Exs. 2.45, 2.46), and the constructors Abs
and App are morphisms of modules (cf. Exs. 2.47, 2.74).

1.2.5. Adding Types 

Type systems exist with varying features, ranging from simply-typed syntax to syntax 
with dependent types, kinds, polymorphism, etc. By simply-typed syntax we mean a 
non-polymorphic syntax where the set of types is independent from the set of terms, i.e. 
type constructors only take types as arguments. In more sophisticated type systems, types 
may depend on terms, leading to more complex definitions of arities and signatures. The 
present work is only concerned with simply-typed languages, such as the simply-typed 
λ-calculus and PCF. We refer to the underlying set of types of a language as object types
or sorts.

The goal of typing is to classify terms according to some criteria. As an example, one 
may ask whether a term is of function type, that is, whether it would make sense to 
apply it to another term. Once such a classification of terms is achieved, one can use 
typing information to filter terms according to their types, in order to pick out only those 
terms that have the desired type. The classification of terms through typing thus has a 
semantic flavour. However, we still subsume typing under the syntactic aspect, since it 
has an impact on the set of terms of the language. 

One way to add types would be to make them part of the terms, as in "λx : N.x + 4".
However, for simple type systems it is possible to separate the worlds of types and terms 
and consider typing as a map from terms to types, thus giving a simple mathematical 
structure to typing. How can we be sure that our terms are well-typed? Despite the 
separation of types and terms we still want typing to be tightly integrated into the process 
of building terms, in order to avoid constructing ill-typed terms. Separation of terms 
and types seems to contradict this goal. The answer lies in considering not one set of 
terms with a "typing map" to the set, say, T, of types, but a family of sets, indexed by the 
set T of object types. Term constructors then can be "picky" about what terms they take 
as arguments, accepting only those terms that have the suitable type. We also consider 
free variables to be equipped with an object type. Put differently, we do not consider 
terms over one set of variables, but over a family of sets of variables, indexed by the set 
of object types. In other words, we consider a context to be given by a family (V_t)_{t∈T} of
sets of variables, where V_t := V(t) is the set of variables of object type t. We illustrate
our point of view by means of the example of the simply-typed lambda calculus TLC: 

1.3 Example: Let

T_TLC ::= * | T_TLC ~> T_TLC

be the set of types of the simply-typed lambda calculus. The set family of simply-typed
lambda terms with free variables in V is given by the following inductive family:

    Inductive TLC (V : T -> Type) : T -> Type :=
      | Var : forall t, V t -> TLC V t
      | Abs : forall s t, TLC (V + s) t -> TLC V (s ~> t)
      | App : forall s t, TLC V (s ~> t) -> TLC V s -> TLC V t.

where V + s := V + {*_s} denotes context extension by a variable of type s ∈ T_TLC — the
variable which is bound by the constructor Abs(s, t). The variables s and t range over the
set T_TLC of types. The signature describing the simply-typed lambda calculus is given in
Exs. 3.23 and 3.47. The preceding paragraph about monads and modules applies to the
simply-typed lambda calculus when replacing sets by families of sets indexed by T_TLC:
the simply-typed lambda calculus can be given the structure of a monad (cf. Ex. 2.37)

TLC : Set^{T_TLC} → Set^{T_TLC} .

The constructors of TLC are morphisms of modules (cf. Exs. 2.61, 2.56, 2.60).

This method of defining exactly the well-typed terms by organizing them into a family 
of sets parametrized by object types is called intrinsic typing [BHKM11] — as opposed to 
the extrinsic typing, where first a set of raw terms is defined, which is then filtered via a 
typing predicate. Intrinsic typing delegates object level typing to the meta language type 
system, such as the Coq type system in Ex. 1.3. In this way, the meta level type checker 
(e.g. Coq) sorts out ill-typed terms automatically: writing such a term yields a type error 
on the meta level. 

Furthermore, the intrinsic encoding comes with a much more convenient recursion
principle; a map to any other type system can simply be defined by specifying its image
on the well-typed terms. When using extrinsic typing, a map on terms would either have
to be defined on the set of raw terms, including ill-typed ones, or on just the well-typed
terms by specifying an additional propositional argument expressing the well-typedness
of the term argument. Benton et al. give a detailed explanation of intrinsic typing in a
recently published paper [BHKM11].
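Intrinsic typing as in Ex. 1.3, written out in Coq as an added example; this is not code from the thesis or its formalization, and the type ty with constructors base and arr, the context-extension definition ext, and the names here, empty, from_empty, tlc_id, tlc_k, ext_map, rename and weaken are choices made here. The type index of TLC records the object type of every term, a binder extends the context by one variable of the bound type, and a type-preserving renaming is defined by structural recursion. The Fail Check at the end shows the point of the encoding: an application whose argument has the wrong object type is rejected by the Coq type checker, so it never becomes a term.

```coq
(* Added example (not from the thesis): intrinsically typed terms of the
   simply-typed lambda calculus over a context V : ty -> Type. *)

Inductive ty : Type :=
  | base : ty
  | arr : ty -> ty -> ty.

Notation "s ~> t" := (arr s t) (at level 60, right associativity).

(* A context assigns to each object type the set of variables of that type. *)
Definition ctx : Type := ty -> Type.

(* Context extension V + s: the new variable of type t is a proof of s = t,
   every old variable is kept on the left. *)
Definition ext (V : ctx) (s : ty) : ctx :=
  fun t => (V t + (s = t))%type.

Inductive TLC (V : ctx) : ty -> Type :=
  | Var : forall t, V t -> TLC V t
  | Abs : forall s t, TLC (ext V s) t -> TLC V (s ~> t)
  | App : forall s t, TLC V (s ~> t) -> TLC V s -> TLC V t.

Arguments Var {V t} _.
Arguments Abs {V s t} _.
Arguments App {V s t} _ _.

(* The variable bound by the innermost Abs. *)
Definition here {V : ctx} {s : ty} : ext V s s := @inr (V s) (s = s) eq_refl.

(* The empty context, and the unique context map out of it. *)
Definition empty : ctx := fun _ => Empty_set.

Definition from_empty (W : ctx) : forall t, empty t -> W t :=
  fun t v => match v with end.

(* Closed identity and K combinators; their object types are the indices. *)
Definition tlc_id (s : ty) : TLC empty (s ~> s) := Abs (Var here).

Definition tlc_k (s t : ty) : TLC empty (s ~> t ~> s) :=
  Abs (Abs (Var (inl here))).

(* Lifting a context map under a binder: the bound variable is kept. *)
Definition ext_map {V W : ctx} (s : ty) (f : forall t, V t -> W t)
  : forall t, ext V s t -> ext W s t :=
  fun t x => match x with
             | inl v => inl (f t v)
             | inr e => inr e
             end.

(* Type-preserving renaming: the index t is carried through unchanged. *)
Fixpoint rename {V W : ctx} (f : forall t, V t -> W t) {t : ty} (e : TLC V t)
  : TLC W t :=
  match e with
  | Var v => Var (f _ v)
  | Abs b => Abs (rename (ext_map _ f) b)
  | App a b => App (rename f a) (rename f b)
  end.

(* Weakening a closed term into a context with one variable of type s. *)
Definition weaken (s : ty) {t : ty} (e : TLC empty t) : TLC (ext empty s) t :=
  rename (from_empty (ext empty s)) e.

Example k_typed : TLC empty (base ~> base ~> base) := tlc_k base base.

Example weakened_id : TLC (ext empty base) (base ~> base) := weaken base (tlc_id base).

(* Ill-typed terms cannot be written: the argument would need type base,
   but tlc_id base has type base ~> base, so this Check fails as intended. *)
Fail Check (App (tlc_id base) (tlc_id base)).
```

Compared with an extrinsic encoding, no typing predicate and no well-typedness argument appear anywhere: rename is defined on well-typed terms only, and its result type TLC W t is checked by Coq for each constructor case.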

1.2.6. Adding Reductions 

The semantics of a programming language describes how programmes of that language 
evaluate. For functional programming languages as considered in this thesis, evaluation 
— or computation — is done by reduction. As an example, the evaluation of the term 
7 + 5 of a hypothetical arithmetic programming language to its "value" 12 is done by a 
series of reductions, whose precise form depends on the semantics of the language in 
question. Typical rules, which specify how terms reduce, are given in Sect. A.2 for the 
example languages of the lambda calculus and PCF. 

Given a set A of such reduction rules, one may consider the relation generated by these 
rules. More precisely, following Barendregt and Barendsen [BB94], we consider several 
closures of those rules: 

Propagation into subterms A relation R is called compatible if it is closed under propagation
into subterms, that is, if for any constructor f of arity n and any i < n,

M ⇝_R N ⟹ f(x_1, ..., x_i, M, x_{i+1}, ..., x_n) ⇝_R f(x_1, ..., x_i, N, x_{i+1}, ..., x_n) .

Reduction A relation R is a reduction relation if it is compatible, reflexive and transitive.

Equivalence A relation R is a congruence if it is a compatible equivalence relation.

To the set A of rules we associate three relations generated by A, which are the smallest
relations that contain A and are a compatible relation, a reduction relation and a
congruence, respectively. We denote these relations, in this order, by →_A, ↠_A and =_A.

1.4 Remark Digression on Reduction Strategies: Suppose we have a term in which reduction
rules are applicable in several places, such as in the term

((λx.M)N)((λy.M')N') ,

which is β-reducible in the operator and in the operand. Here the natural question arises
where one should reduce at first, in the operator or in the operand (or both in parallel) —
the question about the reduction strategy. More precisely, one considers the following
two properties of rewrite systems:

Termination Are there infinite — non-terminating — chains of reductions?

Confluence Suppose a term t reduces both to t' as well as to t'' via two different
reductions. Is there a term t''' such that both t' and t'' reduce to t'''?

Termination and confluence together yield (strong) normalization, an important property
of rewriting systems: in a strongly normalizing rewriting system, any reduction
strategy yields the same value for a given term — in particular, any reduction strategy
arrives at a value, i.e. at a term without any more reducible subterms. To illustrate the
concept of termination, we give an example of a lambda term such that one reduction
strategy terminates whereas another one does not; consider the term (λx.y)(ΩΩ) with
Ω = (λx.xx) and a free variable y. Reducing the outermost beta redex results in an
irreducible term y in one step, whereas the strategy of reducing at first the operand (ΩΩ)
leads to an infinite chain of reductions.

In this thesis we are interested in the reduction relation generated by a set of rules. It 
differs from the congruence by the absence of a symmetry rule, which, while adequate 
for mathematical reasoning, yields a relation that is too coarse from a point of view of 
computation. In the words of Girard [GTL89], while the congruence generated by A 
emphasizes the static point of view of mathematics, the reduction relation associated to 
A emphasizes the dynamic point of view of computation. 

To account for reductions, we consider functors and monads whose codomain is not the
category of (families of) sets, but of (families of) preordered sets. The definition of monad
requires the underlying functor to be an endofunctor, but we do not want to consider
preordered contexts — what would be the meaning of this preorder? The restriction to
endofunctors was lifted by Altenkirch et al. [ACU10] through the introduction of relative
monads. A relative monad is given by a functor — not necessarily endo — together
with two operations very similar to monadic variables-as-terms and substitution. We
thus consider, e.g., the lambda calculus, as a relative monad associating to any set X of
variables a preordered set of lambda terms (ULC(X), ↠_β), where the preorder on ULC(X)
is given by the reduction relation generated by the beta rule of Disp. (A.2.1), cf.
Ex. 2.85.
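The nested data type ULC of Sect. 1.2.3, its monad structure of Sect. 1.2.4 (renaming, the variables-as-terms map Var, capture-avoiding simultaneous substitution) and the reduction relation generated by the beta rule as defined in this section, written out in Coq as an added example; this is not code from the thesis or its formalization, and the names rename, lift, subst, subst1, red, ulc_id and the sample terms are chosen here. The relation red is the reduction relation in the sense above: the beta rule, one propagation case per argument position of Abs and App (compatibility), and reflexivity and transitivity built in. The two Examples at the end check one beta step at the top level and one under a binder.

```coq
(* Added example (not from the thesis): ULC as a nested data type, its monad
   structure, and the reduction relation generated by the beta rule. *)

Inductive ULC (V : Type) : Type :=
  | Var : V -> ULC V
  | Abs : ULC (option V) -> ULC V
  | App : ULC V -> ULC V -> ULC V.

Arguments Var {V} _.
Arguments Abs {V} _.
Arguments App {V} _ _.

(* Functoriality: renaming free variables along f : V -> W. Under a binder the
   context grows by one variable, hence option_map f. *)
Fixpoint rename {V W : Type} (f : V -> W) (t : ULC V) : ULC W :=
  match t with
  | Var v => Var (f v)
  | Abs b => Abs (rename (option_map f) b)
  | App s u => App (rename f s) (rename f u)
  end.

(* Lifting a substitution under a binder: the bound variable None is kept, and
   every image is weakened so that it cannot be captured by the binder. *)
Definition lift {V W : Type} (f : V -> ULC W) (x : option V) : ULC (option W) :=
  match x with
  | None => Var None
  | Some v => rename (@Some W) (f v)
  end.

(* Simultaneous capture-avoiding substitution: the monadic bind of ULC. *)
Fixpoint subst {V W : Type} (f : V -> ULC W) (t : ULC V) : ULC W :=
  match t with
  | Var v => f v
  | Abs b => Abs (subst (lift f) b)
  | App s u => App (subst f s) (subst f u)
  end.

(* Substituting a single term for the variable bound by a binder. *)
Definition subst1 {V : Type} (b : ULC (option V)) (n : ULC V) : ULC V :=
  subst (fun (x : option V) => match x with None => n | Some v => Var v end) b.

Example rename_ex :
  rename S (App (Var 0) (Abs (Var (Some 1)))) = App (Var 1) (Abs (Var (Some 2)))
  := eq_refl.

Example subst1_ex :
  subst1 (App (Var None) (Var (Some 3))) (Var 7) = App (Var 7) (Var 3) := eq_refl.

(* The reduction relation generated by beta: the rule itself, propagation into
   subterms (compatibility), reflexivity and transitivity. *)
Inductive red {V : Type} : ULC V -> ULC V -> Prop :=
  | red_beta : forall (b : ULC (option V)) (n : ULC V),
      red (App (Abs b) n) (subst1 b n)
  | red_abs : forall (b b' : ULC (option V)),
      @red (option V) b b' -> red (Abs b) (Abs b')
  | red_app_l : forall s s' u : ULC V, red s s' -> red (App s u) (App s' u)
  | red_app_r : forall s u u' : ULC V, red u u' -> red (App s u) (App s u')
  | red_refl : forall t : ULC V, red t t
  | red_trans : forall t u w : ULC V, red t u -> red u w -> red t w.

(* The identity combinator, over any context. *)
Definition ulc_id {V : Type} : ULC V := Abs (Var None).

(* (λx.x) y ~> y by one beta step. *)
Example id_beta (y : nat) : red (App ulc_id (Var y)) (Var y).
Proof. exact (red_beta (Var None) (Var y)). Qed.

(* Propagation under a binder: λz.((λx.x) z) ~> λz.z. *)
Example red_under_abs (V : Type) :
  red (Abs (App ulc_id (Var None))) (Abs (Var None) : ULC V).
Proof. apply red_abs. exact (@red_beta (option V) (Var None) (Var None)). Qed.
```

Because reflexivity is a constructor of red, the relation is the preorder on ULC(X) mentioned above; the remark in the conclusions about reflexivity being hard-coded refers to exactly this choice.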

1.3. Contributions 

In this thesis we give, via a universal property, an algebraic characterization of simply- 
typed syntax equipped with semantics in form of reduction rules. More precisely, given a 
pair of a signature — specifying the types and terms of a language — and inequations 
over this signature — specifying reduction rules — , we characterize the terms of the 
language associated to this signature, equipped with reduction rules according to the 
given inequations, as the initial object of a category of "models". 

Our starting point is work on initiality for untyped syntax done by Hirschowitz and
Maggesi [HM07a], and on its generalization to simply-typed syntax by Zsidó [Zsi10].
In a first step we extend Zsidó's theorem [Zsi10, Chap. 6] to account for varying sorts,
cf. Sect. 1.3.1. Afterwards, we integrate reduction rules into Hirschowitz and Maggesi's
[HM07a] purely syntactic initiality result, cf. Sect. 1.3.2. Finally we obtain our main
theorem, which accounts for varying object types as well as reduction rules, by combining
the aforementioned two results, cf. Sect. 1.3.3.

Furthermore, for the untyped case (cf. Sect. 1.3.2), we provide a formalized proof 
in the proof assistant Coq of our result, yielding a machinery which, when fed with a 
signature for terms and a set of inequations, produces the abstract syntax associated to the 
signature, together with the reduction relation generated by the given inequations. For 
the simply-typed case, we formalize the instantiation of our main result (cf. Sect. 1.3.3) 
to the signature of the programming language PCF [Plo77]. 

We now explain our contributions and approaches in more detail: 

1.3.1. Extended Initiality for Varying Sorts 

In her PhD thesis [Zsi10, Chap. 6], Zsidó proves an initiality theorem for the abstract
syntax associated to a simply-typed signature. However, the "models" (or representations)
she considers, among which the abstract syntax is the initial one, are all models over
the same set of sorts. In this way, the iteration principle obtained by initiality does not
allow the specification of a translation to a term language over a different set of sorts. We
adapt Zsidó's theorem by introducing typed signatures. A typed signature $(S, \Sigma)$ specifies
a set of sorts via an algebraic signature $S$, as well as a set of simply-typed terms over
these sorts via a term signature $\Sigma$ over $S$. A representation $R$ of such a typed signature is
then given by a representation of its signature $S$ for sorts in some set $T = T_R$ as well as a
representation of $\Sigma$ in a monad — also called $R$ — over the category $\mathrm{Set}^T$. A morphism
of representations $P \to R$ consists of a morphism $f$ of the underlying representations of $S$,
together with a morphism of representations of $\Sigma$, that is compatible in a suitable sense
with the "translation of sorts" $f$. We show that the category of representations of $(S, \Sigma)$
thus defined has an initial object, which integrates the sorts freely generated by $S$ and
the terms freely generated by $\Sigma$, typed over the sorts of $S$. Our definition of morphisms
ensures that, for any translation specified via the iteration principle, the translation of
terms is compatible with the translation of sorts with respect to the typing in the source
and target languages.

To summarize, compared to Zsidó's theorem [Zsi10, Chap. 6] we consider representations
of a signature for terms over varying sets of sorts. However, since we specify the set
of sorts via a signature $S$ and thus implement the variation of sorts through morphisms
of representations of $S$, our "initial set of sorts" necessarily has inductive structure.



1.3.2. Integrating Reduction Rules 

In order to integrate reduction rules into our initiality results, we define a notion of
2-signature. A 2-signature $(\Sigma, A)$ is given by a (1-)signature $\Sigma$ which specifies the terms
of a language, and a set $A$ of inequations over $\Sigma$. Intuitively, each inequation specifies a
reduction rule, for instance the beta rule.

The models — or representations — of such a 2-signature are built from relative monads
and modules over relative monads: given a 1-signature $\Sigma$, we define a representation of $\Sigma$
to be given by a relative monad on the appropriate functor $\Delta : \mathrm{Set} \to \mathrm{Pre}$ (cf. Def. 2.13)
together with a suitable morphism of modules (over relative monads) for each arity of $\Sigma$.
Given a set $A$ of inequations over $\Sigma$, we define a satisfaction predicate for the models of
$\Sigma$; we call representation of $(\Sigma, A)$ each representation of $\Sigma$ that satisfies each inequation
of $A$. This predicate specifies a full subcategory of the category of representations of
$\Sigma$. We call this subcategory the category of representations of $(\Sigma, A)$. We prove that this
category has an initial object, which is built by equipping the initial representation of $\Sigma$ —
given by the terms freely generated by $\Sigma$ — with a suitable reduction relation generated
by the inequations of $A$.

With this initiality theorem for $(\Sigma, A)$ we obtain a new iteration principle, and any
translation specified via this principle is, by construction, compatible with the reduction
relation in the source and target languages.
1.3.3. Main Theorem: Initiality for Simply-Typed Syntax with Reduction

Finally, we combine the above two theorems in order to obtain an initiality result
which accounts for the motivating example of Sect. 1.1. More precisely, we define a
2-signature to be given by a typed signature $(S, \Sigma)$ as in Sect. 1.3.1 together with a set $A$ of
$(S, \Sigma)$-inequations analogous to Sect. 1.3.2, specifying reduction rules.

We define a category of representations of $((S, \Sigma), A)$ and prove that this category
has an initial object. This initial representation integrates the types and terms freely
generated by $(S, \Sigma)$, the terms being equipped with the reduction relation generated by
the inequations of $A$.

1.3.4. A Computer Implementation for Specifying Syntax and 
Semantics 

The above theorems are really meant to be implemented in a proof assistant. Such an
implementation allows the specification of syntax and reduction rules via 2-signatures, yielding
a highly automated mechanism to produce syntax together with certified substitution
and iteration principle.

We prove the initiality theorem described in Sect. 1.3.2 in the proof assistant Coq
[Coq10]. As an illustration we describe how to obtain the untyped lambda calculus with
beta reduction via initiality.

Furthermore we formalize an instance of the theorem explained in Sect. 1.3.3, also in
Coq. More precisely, we define the category of representations of the typed signature of
PCF with inequations and prove that this category has an initial object. Afterwards, we
give a representation of this signature in the relative monad $\mathrm{ULC}_\beta$ of the untyped lambda
calculus with beta reduction, yielding a translation from PCF to ULC. Instructions on
how to obtain the complete source code of our Coq library are available on 

http://math.unice.fr/laboratoire/logiciels. 

1.4. Synopsis 

This thesis consists of two parts: Part I (Chapts. 2 to 5) describes and proves informally
the theorems which constitute this thesis, whereas Part II (Chapts. 6 to 9) describes their
implementation and verification in the proof assistant Coq [Coq10].

Chapter 2: Category-Theoretic Constructions. We recall the notions of monad and 
module over a monad, together with some important constructions of modules. 
Afterwards we state equivalent definitions of monads, modules and their morphisms
in the style of Manes, emphasizing their substitution structure.

Then we recall Altenkirch et al.'s definition of relative monads and define suitable 
morphisms for such monads. 

Finally we define modules over relative monads and show that the constructions of 
modules over monads carry over to modules over relative monads. 

Chapter 3: Simple Type Systems. We present two initiality theorems for simple type 
systems: 

In Sect. 3.2 we present Zsidó's initiality theorem [Zsi10, Chap. 6]: it characterizes
the syntax associated to a simply-typed signature $\Sigma$ over a set $T$ of object types as
the initial object in a category of representations of $\Sigma$.

In Sect. 3.3 we prove a variant of Zsidó's theorem which allows for representations
of a term signature over varying sets of sorts. We introduce the notion of typed
signature in order to account for translations of sorts. A typed signature $(S, \Sigma)$ is a
pair consisting of a first-order algebraic signature $S$ for sorts, and a higher-order
signature $\Sigma$ for terms over those sorts. A representation of a typed signature $(S, \Sigma)$
is again a pair given by a representation of the sort signature $S$ in a set $T$ and a
representation of the term signature $\Sigma$ in a monad $P$ over the category $\mathrm{Set}^T$. We
show that the category of representations of a typed signature has an initial object.

Finally, as an example, we use the iteration principle stemming from initiality in 
order to specify a double negation translation from classical to intuitionistic propo- 
sitional logic, viewing propositions as types via the Curry-Howard isomorphism. 

Chapter 4: Reductions for Untyped Syntax. We prove an initiality theorem for un- 
typed languages with variable binding, equipped with reduction rules. 

For the specification of such languages, we define a notion of 2-signature, i.e. a
signature consisting of two levels: a syntactic level — called 1-signature — , which
specifies the terms of the language, and a semantic level, which specifies reduction
rules for those terms through inequations. A representation of such a 2-signature
$(\Sigma, A)$ is any representation of the underlying 1-signature $\Sigma$ which satisfies each
inequation of $A$.

We define the category of representations of $(\Sigma, A)$ as the full subcategory of
representations of $\Sigma$ whose objects satisfy the inequations of $A$. We prove that this
subcategory has an initial object, integrating the terms generated by $\Sigma$ and the
reduction relation generated by the rules of $A$.

As a running example we consider the 2-signature of the untyped lambda calculus 
with beta reduction. 

The implementation of the theorem in Coq is explained in Chapt. 8. 
Chapter 5: Simple Type Systems with Reductions. We prove the main result of this
thesis: we generalize the initiality result from the preceding Chapt. 4 to simply- 
typed syntax with reduction rules, in a way that allows for change of object types 
as in Sect. 3.3. 

More precisely, we generalize the definition of 2-signature to allow for the un- 
derlying 1-signature to specify a simple type system as in Sect. 3.3. Accordingly, 
the definition of inequation is extended to allow for the specification of reduction 
rules on such simple type systems. The main theorem of this chapter states that 
the category of representations of such a 2-signature has an initial object. This 
initial representation integrates the types and terms specified by the underlying 1- 
signature, and is equipped with the reduction relation generated by the inequations 
of the 2-signature. 

Chapter 6: Formalizing Category Theory in Coq. This chapter serves as an introduc- 
tion to the proof assistant Coq in general and our library of category theory used in 
the following chapters in particular. We describe the formalization of basic concepts 
such as categories, (relative) monads and modules over (relative) monads. In the 
course of the chapter we also describe some of the features of Coq that we use, 
such as implicit arguments, the Program framework and coercions. 

Chapter 7: Formalization of Zsidó's theorem. Building up on the library presented in
Chapt. 6, we describe the formalization of Zsidó's initiality theorem from Sect. 3.2
in Coq. At first we define a Coq data type of simply-typed signatures over a given 
object type T. Afterwards we associate a category of representations to any such 
signature and prove that this category has an initial object. 

Chapter 8: Initiality for Untyped 2-Signatures, Formalized. We describe the imple- 
mentation in Coq of the theorem proved informally in Chapt. 4: the category of 
representations of a 2-signature has an initial object. The formal proof follows 
the informal proof very closely; the only noteworthy difference is that the initial 
object of the underlying 1-signature is constructed directly rather than through 
the adjunction proved in Chapt. 4. 

Finally we demonstrate how to specify the untyped lambda calculus with beta 
reduction through a 2-signature in our implementation. 

Chapter 9: A Faithful Translation of PCF to ULC. We formalize in Coq an instance of 
the main theorem of the thesis (cf. Chapt. 5), for the 2-signature of PCF, equipped 
with reduction rules as presented in Fig. A.4. In particular, we explain where we 
encounter difficulties when using intrinsic typing in an intensional type system. 

By representing the signature of PCF in the monad of the untyped lambda calculus, 
we obtain a translation from PCF to ULC that is compatible with reductions in the 
source and target languages. 
1.5. Related Work

In this section we review related work, in particular in the field of Initial Semantics (cf.
Sect. 1.5.2), i.e. the algebraic characterization of syntax (and its semantics), and in the
field of formalization of syntax in proof assistants, cf. Sect. 1.5.3.



1.5.1. Translations from PCF 

Our main example is given by the programming language PCF, introduced by Plotkin 
[Plo77]. This language and its various semantics have been studied extensively. The fol- 
lowing work is not concerned with algebraic characterization of programming languages, 
and thus not directly related to this thesis; it rather answers questions that we do not 
(yet) consider in our categorical setting: 

Phoa [Pho93] studies the semantic aspect of a specific translation of PCF to the 
untyped lambda calculus, i.e. the behaviour of this translation and its compatibility with 
respect to reduction in the source and target language. The translation he considers is 
also the one we specify via initiality in Chapt. 9. The main result of this work is that this 
translation is adequate in the sense that a PCF programme reduces to a natural number
constant $n$ of PCF if and only if its translation into the lambda calculus reduces to the
corresponding Church numeral $c_n$.

Riecke [Rie93] studies translations from PCF into itself, where source and target are 
equipped with different reduction strategies (cf. Rem. 1.4). We do not consider reduction 
strategies in this thesis. 



1.5.2. Initial Semantics 

We classify work in Initial Semantics according to the features it covers. We are interested, 
in no particular order, in the following features: 

• Typing 

• Variable binding 

• Semantics through (in)equations

Initial Semantics for untyped syntax without variable binding is a result by Birkhoff 
[Bir35]. Goguen et al. [GTWW77] give an overview of the literature about initial algebra 
and spell out explicitly the connection between initial algebras and abstract syntax. In 
fact, Goguen et al. also treat the example of a programming language with variable
binding, which they call "Simple Applicative Language" (SAL). However, they circumvent
the algebraic treatment of variable binding by modelling binding through a family of
unary constructors $\mathrm{abs}_x : \mathrm{exp} \to \mathrm{exp}$ where $x$ varies over a fixed set of variables.
1.5.2.1. Variable binding

When looking for an algebraic treatment of variable binding, the question of how to model
binding arises. Some possible encodings have already been mentioned in Sect. 1.2.3; we
repeat the list — in no particular order — for reasons of convenience:

1. Nominal syntax using atom abstraction:

$\lambda : [A]T \to T$

2. Higher-Order Abstract Syntax (HOAS):

$\lambda : (T \to T) \to T$

and its weak variant:

$\lambda : (A \to T) \to T$

3. Nested Data Types:

$\lambda : T(X + 1) \to T(X)$

In the following, the numbers in parentheses indicate the technique used for modelling 
variable binding in the respective work, according to the list given above. Initial Semantics 
for untyped syntax was presented by Gabbay and Pitts [GP99, (1)], Hofmann [Hof99, 
(2)], Fiore et al. [FPT99, (3)] and Hirschowitz and Maggesi [HM07a, (3)]. 

While Gabbay and Pitts work in a set theory enriched with atoms — which serve as 
object level variables — , Hofmann, Fiore et al. and Hirschowitz and Maggesi use category- 
theoretic notions to formalize syntax. The nominal approach initiated by Gabbay and 
Pitts is the only one among those mentioned that allows for a study of alpha conversion. 
For all others the notion of alpha convertibility and syntactic equality coincide. 

Fiore et al.'s approach is based on the notion of signature functor and $\Sigma$-monoid,
where the central concept of substitution is expressed in terms of strengths. Hirschowitz 
and Maggesi model substitution through monads, following Altenkirch and Reus' (cf. 
[AR99]) characterization of the untyped lambda calculus as a monad on the category of 
sets. The connection between those two approaches is made precise in Zsidó's PhD thesis
[Zsi10] in form of adjunctions between the respective categories of models.

Later Gabbay and Hofmann [GH08] exhibit the relation between nominal techniques
and presheaves, showing that through the nominal approach one considers in fact
presheaves $F$ that preserve pullbacks of monomorphisms, i.e. presheaves that are stable
under intersection, $F(X \cap Y) = FX \cap FY$.

Fiore et al.'s approach was extended by Fiore [Fio02] to the simply-typed lambda 
calculus, and for general simply-typed syntax by Miculan and Scagnetto [MS03, (2)]. 
Both use an encoding of binding via nested data types. The relation to Higher-Order 
Abstract Syntax — as "terms with holes" — is made precise in the latter work [MS03, 
Proposition 1]. Hirschowitz and Maggesi's approach was generalized to simply-typed
syntax in Zsidó's thesis [Zsi10]. It was also generalized to account for more general term
formers such as explicit flattening $\mu : T \circ T \to T$ [HM12].

Some of the mentioned lines of work have been extended to integrate semantic aspects 
in form of reduction relations on terms into initiality results: 



1.5.2.2. Incorporating Semantics 

Ghani and Lüth [GL03] present rewriting for algebraic theories without variable binding;
they characterize equational theories (with a symmetry rule) resp. rewrite systems (with
reflexivity and transitivity rule, but without symmetry) as coequalizers resp. coinserters in
a category of monads on the categories Set resp. Pre.

Fiore and Hur [FH07] have extended Fiore's work to "second-order universal algebras", 
thus integrating semantic aspects in form of equations into initiality results. In particular, 
Hur's thesis [Hur10] is dedicated to equational systems for syntax with variable binding.
In a "Further research" section [Hur10, Chap. 9.3], Hur suggests the use of preorders, or
more generally, arbitrary relations to model inequational systems. 

Hirschowitz and Maggesi [HM07a] prove initiality of the set of lambda terms modulo 
beta and eta conversion in a category of exponential monads. In an unpublished paper 
[HM07b] they introduce the notion of half-equation and equation — as a pair of parallel 
half-equations — that we adopt in this thesis. However, we reinterpret a pair of parallel 
half-equations as an inequation rather than as an equation. Accordingly, we use preorders 
to model semantic aspects of syntax. This emphasizes the dynamic viewpoint of reductions 
as directed equalities — or rewrite rules — rather than the static, mathematical viewpoint 
one obtains by considering symmetric relations. 

However, we consider not (traditional) monads but instead relative monads — on
the appropriate functor $\Delta : \mathrm{Set} \to \mathrm{Pre}$ (cf. Def. 2.13) — as defined by Altenkirch et
al. [ACU10], that is, monads with different source and target categories: we consider 
variables as elements of unstructured sets, whereas the set of terms of a language carries 
structure in form of a reduction relation. In our approach variables and terms thus live in 
different categories, which is realized mathematically through the use of relative monads 
instead of regular monads. 

T. Hirschowitz [Hir] defines a category Sig of 2-signatures for simply-typed syntax with 
reductions, and constructs an adjunction between Sig and the category 2CCCat of small 
cartesian closed 2-categories. He thus associates, to any 2-signature, a 2-category of 
types and terms satisfying a universal property. His approach differs from ours in the way 
in which variable binding is modelled: Hirschowitz encodes binding in a Higher-Order 
Abstract Syntax (HOAS) style through exponentials. Reduction relations are expressed 
by the existence of 2-cells. 
1.5.3. Formalization of Syntax

The implementation and formalization of syntax has been studied by a variety of people.
The PoplMark challenge [ABF+05] is a benchmark which aims to evaluate readability
and provability when using different techniques of variable binding. However, the
benchmark only concerns one specific language, not arbitrary syntax specified by a
signature. The technique we use, called Nested Abstract Syntax, is used in a partial
solution by Hirschowitz and Maggesi [HM10b], but was proposed earlier by others, see
e.g. [BM98, AR99]. The use of intrinsic typing by dependent types of the meta-language
was advertised in [BHKM11].

During our work we became aware of Capretta and Felty's framework for reasoning 
about programming languages [CF09]. They implement a tool — also in the Coq proof 
assistant — which, given a signature, provides the associated abstract syntax as a data 
type dependent on the object types, hence intrinsically typed as well. Their data type of 
terms does not, however, depend on the set of free variables of those terms. Variables are 
encoded with de Bruijn indices. There are two different constructors for free and bound 
variables which serve to control the binding behaviour of object level constructors. In 
our theorem, there is only one constructor for (free) variables, and binding a variable 
is done by removing it from the set of free variables. Capretta and Felty then add a 
layer to translate those terms into syntax using named abstraction, and provide suitable 
induction and recursion principles. However, they do not consider semantic aspects, such 
as reduction rules, in their work. 

The tool Ott [SNO+10] allows the specification of syntax and reduction rules, even
for polymorphic type systems, in a system-independent ASCII file with subsequent
translation into several different formal systems, including Coq, Isabelle [Pau88] and
others. However, no algebraic characterization of the produced syntax is given.

1.5.4. Published Work 

This thesis is partly based on the following articles: 

Initial Semantics for higher-order typed syntax in Coq (with J. Zsidó) [AZ11]

The content of this article corresponds to the contents of Sect. 3.2 and Chapt. 7.

Extended Initiality for Typed Abstract Syntax [Ahr12]

The content of this article corresponds to the contents of Sect. 3.3 and Sect. 3.4.

Modules over relative monads for syntax and semantics [Ahr11]

The content of this article corresponds to the contents of Chapt. 4 and Chapt. 8.






Part I. 
Theory 
2. Category-Theoretic Constructions



In this chapter, we first present some basic category-theoretic definitions (cf. Sect. 2.1). 
Afterwards, we review two different definitions of monads and modules over monads (cf. 
Sects. 2.2 and 2.3). Finally, we present relative monads and define colax morphisms of 
relative monads as well as modules over relative monads (cf. Sect. 2.4). 

2.1. Categories, Functors & Transformations 

In order to fix notations, we state some basic definitions of category theory, in particular 
those of category, functor and natural transformation. The examples we give in this sec- 
tion are used in later chapters. The reader might want to skip this section — throughout 
the thesis we link back to the definitions and examples where necessary. 

The present section is not meant to constitute an introduction to category theory, 
nor does it define all of the concepts we use in the course of this work. For both an 
introduction to category theory as well as a reference for notions whose definitions are 
not given in this thesis, we refer to Mac Lane's book [ML98] . 

2.1.1. Two Definitions of Categories 

2.1 Definition (Category, Code 6.3): A category $\mathcal{C}$ is given by

• a class — which we will also call $\mathcal{C}$ — of objects,

• for any two objects $c$ and $d$ of $\mathcal{C}$, a class of morphisms, written $\mathcal{C}(c, d)$,

• for any object $c$ of $\mathcal{C}$, a morphism $\mathrm{id}_c \in \mathcal{C}(c, c)$ and

• for any three objects $c, d, e$ of $\mathcal{C}$, a composition operation

$(\_ \circ \_)_{c,d,e} : \mathcal{C}(d, e) \times \mathcal{C}(c, d) \to \mathcal{C}(c, e)$

such that the composition is associative and the morphisms of the form $\mathrm{id}_c$ for suitable
objects $c$ are left and right neutral with respect to this composition¹:

$\forall\, a\, b\, c\, d : \mathcal{C},\ \forall\, f : \mathcal{C}(a, b),\ g : \mathcal{C}(b, c),\ h : \mathcal{C}(c, d),\quad (h \circ g) \circ f = h \circ (g \circ f)$
$\forall\, c\, d : \mathcal{C},\ \forall\, f : \mathcal{C}(c, d),\quad \mathrm{id}_d \circ f = f \ \text{ and } \ f \circ \mathrm{id}_c = f \,.$

¹ We omit the "object" parameters from the composition operation, since those are deducible from the
morphisms we compose. This omission is done in our library as well, via implicit arguments (cf. Sect. 6.2).

We also write $f : c \to d$ for a morphism $f \in \mathcal{C}(c, d)$.

2.2 Remark: We omit a fifth condition stating that the classes of morphisms are pointwise 
disjoint. This condition is automatically satisfied when implementing the morphisms of a 
category as a dependent type of an intensional type theory, which we do in Chapt. 6. 

2.3 Remark (Equivalent Def. of Category): Equivalently to Def. 2.1, a category $\mathcal{C}$ is given
by

• a class $\mathcal{C}_0$ of objects and a class $\mathcal{C}_1$ of morphisms,

• two maps denoting the source and target object of any morphism,

$\mathrm{src}, \mathrm{tgt} : \mathcal{C}_1 \to \mathcal{C}_0\,,$

• a partially defined composition function

$(\_ \circ \_) : \mathcal{C}_1 \times \mathcal{C}_1 \to \mathcal{C}_1\,,$

such that $g \circ f$ is defined only for composable morphisms $f$ and $g$, i.e. for morphisms
$f$ and $g$ such that $\mathrm{tgt}(f) = \mathrm{src}(g)$ — in which case we require that $\mathrm{src}(g \circ f) =
\mathrm{src}(f)$ and $\mathrm{tgt}(g \circ f) = \mathrm{tgt}(g)$ — ,

• an identity morphism for each object, i.e. a map

$\mathrm{id} : \mathcal{C}_0 \to \mathcal{C}_1\,,$

such that $\mathrm{src}(\mathrm{id}(c)) = \mathrm{tgt}(\mathrm{id}(c)) = c$ and

• properties analogous to those of the preceding definition. The associative law, e.g.,
reads as

$\forall\, f\, g\, h,\quad \mathrm{tgt}(f) = \mathrm{src}(g) \Rightarrow \mathrm{tgt}(g) = \mathrm{src}(h) \Rightarrow (h \circ g) \circ f = h \circ (g \circ f)\,.$

While the two definitions of categories of Def. 2.1 and of Rem. 2.3 are equivalent, they 
both have some advantages and inconveniences when implementing them in a dependent 
type theory such as Coq. We expand on these differences in Sect. 6.3.1. 

2.4 Definition: The category Set has sets as objects. Morphisms from a set A to a set B 
are the total maps from A to B, together with the usual composition of maps. 

Given a category $\mathcal{C}$, a morphism $f : c \to d$ from object $c$ to object $d$ is called invertible,
if there exists a left- and right-inverse $g : d \to c$, that is, a morphism $g : d \to c$ such that
$g \circ f = \mathrm{id}_c$ and $f \circ g = \mathrm{id}_d$. In this case the objects $c$ and $d$ are called isomorphic.

The following universal property plays a central role in this thesis: 
2.5 Definition: Let $\mathcal{C}$ be a category. The object $c$ of $\mathcal{C}$ is called initial if there exists
precisely one morphism $i_d : c \to d$ in $\mathcal{C}$ to any object $d$ of $\mathcal{C}$.

Any two initial objects of a category $\mathcal{C}$ are canonically isomorphic. We usually do not
distinguish canonically isomorphic objects of a category, which explains the (standard)
use of the definite article. Whenever it exists, we also write $0_{\mathcal{C}}$ — or simply $0$, when the
category in question can be deduced from the context — for the initial object of $\mathcal{C}$. The
dual concept is that of a terminal object:

2.6 Definition: Let $\mathcal{C}$ be a category. The object $d$ of $\mathcal{C}$ is called terminal if there exists
precisely one morphism $t_c : c \to d$ in $\mathcal{C}$ from any object $c$ of $\mathcal{C}$.

2.7 Example: The empty set is initial in the category Set of sets. The singleton set is 
terminal in Set. 

Later we also use the following categories: 

2.8 Definition: The category Pre of preorders has, as objects, sets equipped with a 
preorder, and, as morphisms between any two preorders A and B, the monotone functions 
from A to B. 

2.9 Definition: The category wPre has, as objects, sets equipped with a preorder, and, 
as morphisms between any two preordered sets A and B, all set-theoretic maps from A to 
B, not necessarily monotone. 

2.10 Example: Any set T can be regarded as a discrete category, with objects the elements 
of T, and just identity morphisms. 

2.11 Notation (Product, Coproduct): We refer to Mac Lane's book [ML98] for the definition
of product and coproduct. Whenever they exist, we write $a \times b$ for the product of objects
$a$ and $b$ of $\mathcal{C}$, and $a + b$ for the coproduct. Notation for arrows is informally explained
in the following diagrams:

[diagrams not recoverable from the extracted text; the coproduct part reads $a \to a + b \leftarrow b$]

2.1.2. Functors & Natural Transformations 

Given two categories $\mathcal{C}$ and $\mathcal{D}$, a functor $F : \mathcal{C} \to \mathcal{D}$ maps objects of $\mathcal{C}$ to objects of $\mathcal{D}$,
and morphisms of $\mathcal{C}$ to morphisms of $\mathcal{D}$, while preserving source and target as well as
composition and identity:

2.12 Definition: A functor $F$ from $\mathcal{C}$ to $\mathcal{D}$ is given by

• a map $F : \mathcal{C} \to \mathcal{D}$ on the objects of the categories involved and

• for any pair of objects $(c, d)$ of $\mathcal{C}$, a map

$F_{(c,d)} : \mathcal{C}(c, d) \to \mathcal{D}(Fc, Fd)\,,$

such that

• $\forall\, c : \mathcal{C},\ F(\mathrm{id}_c) = \mathrm{id}_{Fc}$ and

• $\forall\, c\, d\, e : \mathcal{C},\ \forall\, f : c \to d,\ \forall\, g : d \to e,\ F(g \circ f) = Fg \circ Ff\,.$

Here we use the same notation for the map on objects and that on morphisms. For the
latter we also omit the subscript "$(c, d)$" as implicit arguments.

2.13 Definition (Functor $\Delta : \mathrm{Set} \to \mathrm{Pre}$ and Forgetful Functor): We call $\Delta : \mathrm{Set} \to \mathrm{Pre}$
the functor from sets to preordered sets which associates to each set $X$ the set itself
together with the smallest preorder, i.e. the diagonal of $X$,

$\Delta(X) := (X, \delta_X)\,.$

In other words, for any $x, y \in X$ we have $x\, \delta_X\, y$ if and only if $x = y$. The functor
$\Delta : \mathrm{Set} \to \mathrm{Pre}$ is a full embedding, i.e. it is fully faithful and injective on objects.

In the other direction we have a forgetful functor $U : \mathrm{Pre} \to \mathrm{Set}$ which maps any
preordered set $(X, \leq)$ to the set $X$. We have $U \circ \Delta = \mathrm{Id}_{\mathrm{Set}}$.

2.14 Definition (Natural Transformation): Given two functors $F, G : \mathcal{C} \to \mathcal{D}$, a natural
transformation $\gamma : F \to G$ (also written $\gamma : F \Rightarrow G$) is given by a family of morphisms

$\gamma_c : \mathcal{D}(Fc, Gc)$

indexed by objects of $\mathcal{C}$ such that, for any morphism $f : c \to d$ in $\mathcal{C}$, the following
diagram commutes:

$Fc \xrightarrow{\ \gamma_c\ } Gc\,, \quad Fd \xrightarrow{\ \gamma_d\ } Gd\,, \qquad \text{i.e.}\quad \gamma_d \circ Ff = Gf \circ \gamma_c\,.$

2.15 Definition (Adjunction): Let $\mathcal{C}$ and $\mathcal{D}$ be categories. An adjunction from $\mathcal{C}$ to $\mathcal{D}$ is
given by

• a functor $F : \mathcal{C} \to \mathcal{D}$,

• a functor $G : \mathcal{D} \to \mathcal{C}$,

• a natural transformation $\eta : \mathrm{Id}_{\mathcal{C}} \to G \circ F$, called unit, and

• a natural transformation $\varepsilon : F \circ G \to \mathrm{Id}_{\mathcal{D}}$, called counit,

such that the transformations

$G \xrightarrow{\ \eta G\ } GFG \xrightarrow{\ G\varepsilon\ } G\,, \qquad F \xrightarrow{\ F\eta\ } FGF \xrightarrow{\ \varepsilon F\ } F$

both are the identity transformation. We write $F \dashv G$ for such an adjunction, leaving the
unit and counit implicit.

2.16 Remark: The functors $F$ and $G$ as above are adjoint if and only if there is a family of
bijections

$\varphi = \big(\varphi_{c,d} : \mathcal{D}(Fc, d) \cong \mathcal{C}(c, Gd)\big)$

indexed by objects $c \in \mathcal{C}$ and $d \in \mathcal{D}$, which is natural in both $c$ and $d$.

2.17 Definition (Coreflection) : Let F : ^ — > @ be an embedding, that is, a faithful 
functor which is injective on objects — e.g., the inclusion of a subcategory. Then F is a 
coreflection if it has a right adjoint. 

The following lemma gives an example of a coreflection: 

2.18 Lemma: The forgetful functor $U : \mathrm{Pre} \to \mathrm{Set}$ is right adjoint to the diagonal functor
$\Delta : \mathrm{Set} \to \mathrm{Pre}$:

$\Delta \dashv U\,,$

that is, the embedding $\Delta : \mathrm{Set} \to \mathrm{Pre}$ is a coreflection. We denote by $\varphi$ the family of
isomorphisms

$\varphi_{X,Y} : \mathrm{Pre}(\Delta X, Y) \cong \mathrm{Set}(X, UY)\,.$

We omit the indices of $\varphi$ whenever they can be deduced from the context.

Proof. The unit is given by a family of identity maps $\eta_X := \mathrm{id}_X : \mathrm{Set}(X, U\Delta X)$. The
counit is given by a family of maps $\varepsilon_Y : \mathrm{Pre}(\Delta UY, Y)$ whose carrier map on $UY$ is the
identity map on $UY$. □
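The following verification is added here and is not part of the thesis: it spells out the bijection $\varphi$ of Lem. 2.18 and checks the two triangle identities of Def. 2.15 for $\Delta \dashv U$, using only the symbols introduced above.

```latex
% Added verification (not from the thesis). Symbols as in Def. 2.13, Def. 2.15 and Lem. 2.18.

% 1. The bijection. A morphism in Pre(\Delta X, Y) is a monotone map (X, \delta_X) \to (Y, \leq_Y).
%    Since x \delta_X x' holds only for x = x', monotonicity is vacuous, so every map qualifies:
\varphi_{X,Y} : \mathrm{Pre}(\Delta X, Y) \;\cong\; \mathrm{Set}(X, UY), \qquad
\varphi_{X,Y}(h) := Uh, \qquad
\varphi_{X,Y}^{-1}(k) := k \ \text{ (the same map, regarded as monotone)}.

% 2. Naturality in X: for u : X' \to X in Set and h : \Delta X \to Y in Pre, using U \circ \Delta = Id_{Set},
\varphi_{X',Y}(h \circ \Delta u) = U(h \circ \Delta u) = Uh \circ U\Delta u = \varphi_{X,Y}(h) \circ u .
%    Naturality in Y: for v : Y \to Y' in Pre,
\varphi_{X,Y'}(v \circ h) = Uv \circ Uh = Uv \circ \varphi_{X,Y}(h) .

% 3. Unit and counit as in the proof of Lem. 2.18:
\eta_X = \mathrm{id}_X : X \to U\Delta X = X, \qquad
\varepsilon_Y : \Delta U Y \to Y \ \text{ with } U\varepsilon_Y = \mathrm{id}_{UY}
%    (\varepsilon_Y is monotone because \Delta UY carries the discrete preorder).

% 4. Triangle identities of Def. 2.15 with F = \Delta, G = U.
%    Since U\Delta X = X we have \Delta U \Delta X = \Delta X, hence \varepsilon_{\Delta X} = \mathrm{id}_{\Delta X}:
(\varepsilon\Delta \circ \Delta\eta)_X
  = \varepsilon_{\Delta X} \circ \Delta(\mathrm{id}_X)
  = \mathrm{id}_{\Delta X} \circ \mathrm{id}_{\Delta X}
  = \mathrm{id}_{\Delta X},
\qquad
(U\varepsilon \circ \eta U)_Y
  = U(\varepsilon_Y) \circ \mathrm{id}_{UY}
  = \mathrm{id}_{UY} .
```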

We later use the following result about left adjoints: 

2.19 Lemma (Left adjoints are cocontinuous): Left adjoints are cocontinuous, i.e. commute 
with colimits. In particular, the image of an initial object under a left adjoint is initial. 

For the proof we refer to Mac Lane's book [ML98, V.5, Thm. 1].
2.1.3. More Examples, Notations

The following categories and functors will appear in different places throughout the 
thesis. Again, the reader may skip these examples for the moment; we will point to the 
definitions from the place where they are used. 

2.20 Definition (Category of Families): Let $\mathcal{C}$ be a category and T be a set, i.e. a discrete
category (cf. Ex. 2.10). We denote by $\mathcal{C}^T$ the functor category, an object of which is a
T-indexed family of objects of $\mathcal{C}$. Given two families V and W, a morphism $f : V \to W$
is a family of morphisms in $\mathcal{C}$,

$$f : t \mapsto f(t) : V(t) \to W(t) .$$

We write $V_t := V(t)$ for objects and morphisms. Given another category $\mathcal{D}$ and a functor
$F : \mathcal{C} \to \mathcal{D}$, we denote by $F^T$ the functor defined on objects and morphisms as

2.21 Remark: Given a set T, the adjunction of Lem. 2.18 induces an adjunction 




2.22 Definition (Retyping Functor): Let T and T' be sets and $g : T \to T'$ be a map. Let $\mathcal{C}$
be a cocomplete category. The map g induces a functor

$$g^* : \mathcal{C}^{T'} \to \mathcal{C}^T , \quad W \mapsto W \circ g .$$

The retyping functor associated to $g : T \to T'$,

$$\vec{g} : \mathcal{C}^T \to \mathcal{C}^{T'} ,$$

is defined as the left Kan extension operation along g, that is, we have an adjunction

$$\vec{g} \dashv g^* : \mathcal{C}^T \rightleftarrows \mathcal{C}^{T'} . \qquad (2.1.1)$$
2.23 Remark Retyping Functor Explicitly, Code 6.6: In the context of Def. 2.22, we define
the functor

$$\vec{g} : \mathcal{C}^T \to \mathcal{C}^{T'} , \quad X = (t \mapsto X_t) \;\mapsto\; \vec{g}(X) := \Bigl(t' \mapsto \coprod_{\{t \,\mid\, g(t) = t'\}} X_t\Bigr) .$$

In particular, for any $V \in \mathcal{C}^T$ — considered as a functor — we have a natural transfor-
mation

$$V \Rightarrow \vec{g}V \circ g : T \to \mathcal{C}$$

given pointwise by the morphism $V_t \to \coprod_{\{s \,\mid\, g(s) = g(t)\}} V_s$ in the category $\mathcal{C}$. Put differently,
the map $g : T \to T'$ induces an endofunctor $\bar{g}$ on $\mathcal{C}^T$ with object map

$$\bar{g}(V) := \vec{g}(V) \circ g$$

and we have a natural transformation ctype — the unit of the adjunction of Disp. (2.1.1),

$$\mathrm{ctype} : \mathrm{Id} \Rightarrow \bar{g} : \mathcal{C}^T \to \mathcal{C}^T .$$
2.24 Remark: One can interpret the map $g : T \to T'$ as a translation of object sorts and
the functor $\vec{g}$ as a "retyping functor" which changes the sorts of contexts and terms (or
more generally, models of terms) according to the translation of sorts. The monads we are
interested in are monads over some category $\mathrm{Set}^T$ and our monad morphisms are over
retyping functors. In Chapt. 3 we interpret the syntax of a language P over a set of types
T as a monad P over the category $\mathrm{Set}^T$. Given another language Q over a set of types U,
we consider a translation from P to Q to be a translation of object types $g : T \to U$ and a
colax monad morphism $P \to Q$ over the retyping functor $\vec{g} : \mathrm{Set}^T \to \mathrm{Set}^U$ (cf. Def. 2.38).

2.25 Remark about maps on coproducts and pattern matching: In the proof assistant Coq
we implement retyping (cf. Rem. 2.23) via an inductive family, cf. Code 6.6. In this
context, passing from the left to the right in the adjunction isomorphism

$$\mathcal{C}^{T'}(\vec{g}V, W) \cong \mathcal{C}^T(V, g^*W)$$

is done by precomposing with pattern matching on the constructor ctype, cf. Sect. 9.6.
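The retyping functor of Rem. 2.23 and the adjunction isomorphism of Rem. 2.25, worked out for $\mathcal{C} = \mathrm{Set}$ as an added Python example (not code from the thesis or its Coq library): a T-indexed family is a dict from sorts to finite sets, the coproduct over a fibre of g is realised by tagging each element with its original sort, and ctype is the unit. The sort names, the translation g_sample and the families V_SAMPLE, W_SAMPLE are constructed for this example.

```python
from typing import Callable, Dict, FrozenSet, Hashable, Tuple

# Added example, not from the thesis: families of sets indexed by a set of sorts,
# the retyping functor g-vec : Set^T -> Set^T' along g : T -> T' (Rem. 2.23) and
# the adjunction isomorphism Set^T'(g-vec V, W) = Set^T(V, g* W) (Rem. 2.25).
Family = Dict[Hashable, FrozenSet]      # V : T -> Set, as a dict  t -> V_t
Tagged = Tuple[Hashable, Hashable]      # an element (t, x) of the coproduct over a fibre


def retype(g: Callable[[Hashable], Hashable], V: Family, sorts_out) -> Family:
    """(g-vec V)(t') := coproduct over {t | g(t) = t'} of V_t, realised as tagged pairs (t, x).
    sorts_out is the set T'; it is needed because a fibre of g may be empty."""
    return {tp: frozenset((t, x) for t, Vt in V.items() if g(t) == tp for x in Vt)
            for tp in sorts_out}


def ctype(t: Hashable, x: Hashable) -> Tagged:
    """Unit of the adjunction, ctype : V_t -> (g-vec V)_{g(t)}: inject x into the coproduct."""
    return (t, x)


def pullback(g, W: Family, sorts_in) -> Family:
    """g* W := W o g : T -> Set, the right adjoint of retyping (Def. 2.22)."""
    return {t: W[g(t)] for t in sorts_in}


def bar_g(g, V: Family, sorts_in, sorts_out) -> Family:
    """The endofunctor g-bar(V) := g-vec(V) o g on Set^T; ctype : V -> g-bar(V) is its unit."""
    return pullback(g, retype(g, V, sorts_out), sorts_in)


def transpose(h: Callable[[Hashable, Hashable], Hashable]):
    """Right to left in the isomorphism: h : V -> g* W, i.e. sortwise h_t : V_t -> W_{g(t)},
    yields h-hat : g-vec V -> W by pattern matching on the constructor ctype (Rem. 2.25)."""
    def h_hat(tp: Hashable, tagged: Tagged) -> Hashable:
        t, x = tagged      # every element of (g-vec V)_{t'} is ctype(t, x) with g(t) = t'
        return h(t, x)
    return h_hat


def untranspose(g, k: Callable[[Hashable, Tagged], Hashable]):
    """Left to right: k : g-vec V -> W yields V -> g* W by precomposing with ctype."""
    return lambda t, x: k(g(t), ctype(t, x))


# --- constructed sample data (not from the thesis) ---------------------------
T_IN = {"nat", "bool", "str"}
T_OUT = {"num", "text", "void"}          # "void" has no preimage under g_sample


def g_sample(t):                         # translation of sorts g : T -> T', merging nat and bool
    return "num" if t in ("nat", "bool") else "text"


V_SAMPLE: Family = {"nat": frozenset({0, 1}), "bool": frozenset({True, False}),
                    "str": frozenset({"a"})}
W_SAMPLE: Family = {"num": frozenset({"n0", "n1", "b0", "b1"}), "text": frozenset({"s"}),
                    "void": frozenset()}


def h_sample(t, x):                      # h : V -> g* W, sortwise h_t : V_t -> W_{g(t)}
    if t == "nat":
        return f"n{x}"
    if t == "bool":
        return f"b{int(x)}"
    return "s"


def retyped_sample() -> Family:
    return retype(g_sample, V_SAMPLE, T_OUT)


def roundtrip_holds() -> bool:
    """The two directions of the adjunction isomorphism are mutually inverse on h_sample."""
    h_back = untranspose(g_sample, transpose(h_sample))
    return all(h_back(t, x) == h_sample(t, x) for t, Vt in V_SAMPLE.items() for x in Vt)


def unit_well_typed() -> bool:
    """ctype really lands in g-bar(V)_t for every x in V_t."""
    bar = bar_g(g_sample, V_SAMPLE, T_IN, T_OUT)
    return all(ctype(t, x) in bar[t] for t, Vt in V_SAMPLE.items() for x in Vt)
```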

2.26 Definition (Pointed index sets): Given a category $\mathcal{C}$, a set T and a natural number
n, we denote by $\mathcal{C}^T_n$ the category with, as objects, diagrams of the form

$$n \xrightarrow{\;t\;} T \xrightarrow{\;V\;} \mathcal{C} ,$$

written $(V, t_1, \ldots, t_n)$ with $t_i := t(i)$. A morphism h to another such $(W, t)$ with the same
pointing map t is given by a morphism $h : V \to W$ in $\mathcal{C}^T$. Note that there are no
morphisms between families with different points, that is, $\mathcal{C}^T_n((V, t), (V', t')) = \emptyset$ if $t \neq t'$.
Any functor $F : \mathcal{C}^T \to \mathcal{D}^T$ extends to $F_n : \mathcal{C}^T_n \to \mathcal{D}^T_n$ via

$$F_n(V, t_1, \ldots, t_n) := (FV, t_1, \ldots, t_n) .$$

2.27 Remark: The category $\mathcal{C}^T_n$ consists of $T^n$ copies of $\mathcal{C}^T$, which do not interact. Due
to the "markers" $(t_1, \ldots, t_n)$ we can act differently on each copy, cf., e.g., Defs. 2.57 and
2.59. The reason why we consider categories of this form is explained at the beginning
of Sect. 3.3 and in Rem. 3.37.
Retyping functors generalize to categories with pointed indexing sets; when changing
types according to a map of types $g : T \to U$, the markers must be adapted as well:

2.28 Definition: Given a map of sets $g : T \to U$, by postcomposing the pointing map
with g, the retyping functor generalizes to the functor

$$\vec{g}(n) : \mathcal{C}^T_n \to \mathcal{C}^U_n , \quad (V, t) \mapsto (\vec{g}V, g_*(t)) ,$$

where $g_*(t) := g \circ t : n \to U$.

Finally there is also a category where families of objects of $\mathcal{C}$ over different indexing
sets are mixed together:

2.29 Definition: Given a category $\mathcal{C}$, we denote by $\mathcal{TC}$ the category where an object is
a pair $(T, V)$ of a set T and a family $V \in \mathcal{C}^T$ of objects of $\mathcal{C}$ indexed by T. A morphism
$(g, h)$ to another such $(T', W)$ is given by a map $g : T \to T'$ and a morphism $h : V \to W \circ g$,
that is, a family of morphisms in $\mathcal{C}$, indexed by T,

$$h_t : V_t \to W_{g(t)} .$$

Suppose $\mathcal{C}$ has an initial object, denoted by $0_{\mathcal{C}}$. Given $n \in \mathbb{N}$, we call $n = (n, k \mapsto 0_{\mathcal{C}})$
the object of $\mathcal{TC}$ that associates to any $1 \le k \le n$ the initial object of $\mathcal{C}$. We call $\mathcal{TC}_n$
the slice category $n \downarrow \mathcal{TC}$. An object of this category consists of an object $(T, V) \in \mathcal{TC}$
whose indexing set "of types" T is pointed n times, written $(T, V, t)$, where t is a vector
of elements of T of length n. A morphism $(g, h) : (T, V, t) \to (T', V', t')$ is a morphism
$(g, h) : (T, V) \to (T', V')$ as above, such that $t' = g \circ t$.

We call $\mathcal{T}U_n : \mathcal{TC}_n \to \mathrm{Set}$ the forgetful functor associating to any pointed family
$(T, V, t_1, \ldots, t_n)$ the indexing set T. Note that for a fixed set T, the category $\mathcal{C}^T_n$ (cf.
Def. 2.26) is the fibre over T of this functor.

2.30 Remark Picking out Sorts: Let $1 : \mathcal{TC}_n \to \mathrm{Set}$ denote the constant functor which
maps objects to the terminal object of the category Set. A natural transformation
$\tau : 1 \to \mathcal{T}U_n$ associates to any object $(T, V, t)$ of the category $\mathcal{TC}_n$ an element of T.
Naturality imposes that $\tau(T', V', t') = g(\tau(T, V, t))$ for any $(g, h) : (T, V, t) \to (T', V', t')$.

2.31 Notation: Given a natural transformation $\tau : 1 \to \mathcal{T}U_n$ as in Rem. 2.30, we write

$$\tau(T, V, t) := \tau(T, V, t)(*) \in T ,$$

i.e. we omit the argument $*$, the unique element of the singleton set.

2.32 Example: For $1 \le k \le n$, we denote by $k : 1 \Rightarrow \mathcal{T}U_n : \mathcal{TC}_n \to \mathrm{Set}$ the natural
transformation such that $k(T, V, t) := t(k)$.
2.2. Monads & Modules

We state the widely known definition of monad and the less known definition of module
over a monad, together with their respective morphisms. Modules have been used in the
context of Initial Semantics by Hirschowitz and Maggesi [HM07a, HM10a] and Zsidó
[Zsi10]. The monad morphisms we are interested in are, more precisely, colax monad
morphisms, see, e.g., Leinster's book [Lei04].

2.2.1. Definitions 

2.33 Definition (Monad): A monad T over a category $\mathcal{C}$ is given by

• a functor $T : \mathcal{C} \to \mathcal{C}$ (which we denote by the same name as the monad),

• a natural transformation $\eta : \mathrm{Id}_{\mathcal{C}} \to T$ and

• a natural transformation $\mu : T \circ T \to T$

such that the following diagrams commute, i.e. the associativity and unit laws hold:

$$\mu \circ T\mu = \mu \circ \mu T : TTT \to T , \qquad \mu \circ T\eta = \mathrm{id}_T = \mu \circ \eta T : T \to T .$$

2.34 Example (List Monad): The functor $[\_] : \mathrm{Set} \to \mathrm{Set}$ which to any set X associates
the set of finite lists over X, is equipped with a structure as monad by defining $\eta$ and $\mu$
as "singleton list" and flattening, respectively:

$$\eta_X(x) := [x] \quad \text{and}$$

$$\mu_X\bigl([[x_{1,1}, \ldots, x_{1,m_1}], \ldots, [x_{n,1}, \ldots, x_{n,m_n}]]\bigr) := [x_{1,1}, \ldots, x_{1,m_1}, \ldots, x_{n,1}, \ldots, x_{n,m_n}] .$$

2.35 Remark Kleisli Operation (Monadic Bind): Given a monad $(T, \eta, \mu)$ on the category
$\mathcal{C}$, the Kleisli operation $\sigma$ is defined, for any $a, b \in \mathcal{C}$ and $f \in \mathcal{C}(a, Tb)$, by setting

$$\sigma_{a,b} : \mathcal{C}(a, Tb) \to \mathcal{C}(Ta, Tb) , \quad f \mapsto \mu_b \circ Tf .$$

Indeed, a monad $(T, \eta, \mu)$ can equivalently be defined as a triple $(T, \eta, \sigma)$ with an adapted
set of axioms, see Def. 2.65. We often leave the object arguments a and b implicit, i.e.
we write $\sigma(f) := \sigma_{a,b}(f)$.
2.36 Example (Monadic Syntax, untyped): Syntax as a monad (in the form of a Kleisli
triple) was presented by Altenkirch and Reus [AR99]: consider the syntax of the untyped
lambda calculus ULC as given in Ex. 1.2 in Sect. 1.2.1. As mentioned there, the map
$V \mapsto \mathrm{ULC}(V)$ is functorial; its map on morphisms is given by renaming of free variables.
This functor is equipped with a monad structure by defining $\eta$ as variable-as-term
operation

$$\eta_V(v) := \mathrm{Var}(v) \in \mathrm{ULC}(V)$$

and the multiplication $\mu : \mathrm{ULC} \circ \mathrm{ULC} \to \mathrm{ULC}$ as flattening which, given a term of ULC
with terms of $\mathrm{ULC}(V)$ as variables, returns a term of $\mathrm{ULC}(V)$ by removing a layer of
intermediate Var constructors. These definitions turn $(\mathrm{ULC}, \eta, \mu)$ into a monad on the
category Set. The Kleisli operation associated to this monad corresponds to simultaneous
substitution [AR99].



2.37 Example (Monadic Syntax, typed): Consider the syntax of the simply-typed lambda
calculus as defined in Ex. 1.3. The map

$$\mathrm{TLC} : \mathrm{Set}^{T_{\mathrm{TLC}}} \to \mathrm{Set}^{T_{\mathrm{TLC}}} , \quad V \mapsto \mathrm{TLC}(V) ,$$

associating to any set family V the family of lambda terms with free variables in V, is
the object map of a functor. Similarly to the untyped lambda calculus (cf. Ex. 2.36), the
natural transformations $\eta : \mathrm{Id} \to \mathrm{TLC}$ and $\mu : \mathrm{TLC} \circ \mathrm{TLC} \to \mathrm{TLC}$ are defined as variable-
as-term operation and flattening, respectively. These definitions turn $(\mathrm{TLC}, \eta, \mu)$ into a
monad on the category $\mathrm{Set}^{T_{\mathrm{TLC}}}$.

Our definition of colax monad morphisms and their transformations is taken from 
Leinster's book [Lei04] : 

2.38 Definition (Colax Monad Morphism): Let $(T, \eta, \mu)$ be a monad on the category $\mathcal{C}$
and $(T', \eta', \mu')$ be a monad on the category $\mathcal{D}$. A colax morphism of monads $(\mathcal{C}, T) \to
(\mathcal{D}, T')$ is given by

• a functor $F : \mathcal{C} \to \mathcal{D}$ and

• a natural transformation $\gamma : FT \to T'F$, as in the square formed by the two composites
$\mathcal{C} \xrightarrow{T} \mathcal{C} \xrightarrow{F} \mathcal{D}$ and $\mathcal{C} \xrightarrow{F} \mathcal{D} \xrightarrow{T'} \mathcal{D}$,

such that the following diagrams commute:

$$FTT \xrightarrow{\;\gamma T\;} T'FT \xrightarrow{\;T'\gamma\;} T'T'F \xrightarrow{\;\mu' F\;} T'F \quad \text{equals} \quad FTT \xrightarrow{\;F\mu\;} FT \xrightarrow{\;\gamma\;} T'F ,$$

$$F \xrightarrow{\;F\eta\;} FT \xrightarrow{\;\gamma\;} T'F \quad \text{equals} \quad F \xrightarrow{\;\eta' F\;} T'F .$$

From now on we simply say "monad morphism over F" when speaking about a colax
monad morphism with underlying functor F.

2.39 Definition (Composition of Monad Morphisms): Suppose given a monad morphism
$(F, \gamma)$ as in Def. 2.38. Given a third monad $(T'', \eta'', \mu'')$ on a category $\mathcal{E}$ and a monad morphism
$(F', \gamma') : (T', \eta', \mu') \to (T'', \eta'', \mu'')$, we define the composition of $(F, \gamma)$ and $(F', \gamma')$
to be the monad morphism given by the pair consisting of the functor $F'F$ and the
transformation

$$F'FT \xrightarrow{\;F'\gamma\;} F'T'F \xrightarrow{\;\gamma' F\;} T''F'F .$$

The verification of the necessary commutativity properties is done — for the equivalent
definition given in Def. 2.69 — in the Coq library, cf. colax_Monad_Hom_comp.

2.40 Definition (Transformation): Given two morphisms of monads

$$(F, \gamma), (F', \gamma') : (\mathcal{C}, T) \to (\mathcal{D}, T') ,$$

a transformation $(F, \gamma) \to (F', \gamma')$ is given by a natural transformation $\beta : F \Rightarrow F'$ such
that the following diagram commutes:

$$\begin{array}{ccc} FT & \xrightarrow{\;\gamma\;} & T'F \\ \downarrow \beta T & & \downarrow T'\beta \\ F'T & \xrightarrow{\;\gamma'\;} & T'F' \end{array} \qquad \text{i.e.} \quad T'\beta \circ \gamma = \gamma' \circ \beta T .$$
A 2-category is a category with "morphisms between morphisms". We refer to Mac 
Lane's book [ML98] for the definition. 

2.41 Definition (2-Category of Monads, [Lei04]): We call $\mathrm{Mnd}_{\mathrm{colax}}$ the 2-category an
object of which is a pair $(\mathcal{C}, T)$ of a category $\mathcal{C}$ and a monad T on $\mathcal{C}$. A morphism to
another object $(\mathcal{D}, T')$ is a colax monad morphism $(F, \gamma) : (\mathcal{C}, T) \to (\mathcal{D}, T')$. A 2-cell
$(F, \gamma) \Rightarrow (F', \gamma')$ is a transformation.



2.42 Notation: For any category $\mathcal{C}$, we write $\mathrm{Id}_{\mathcal{C}}$ for the object $(\mathcal{C}, \mathrm{Id})$ of $\mathrm{Mnd}_{\mathrm{colax}}$.






We are interested in modules over monads. These are particular monad morphisms
whose codomain is the identity monad on some category $\mathcal{D}$.² Modules and, more specifically,
their morphisms, capture the distributivity of substitution over the constructors of a
language, cf. Ex. 2.47 and Ex. 2.74.

2.43 Definition (Module over a Monad): Given categories $\mathcal{C}$ and $\mathcal{D}$ and a monad T
on $\mathcal{C}$, a module over T with codomain $\mathcal{D}$ (or T-module towards $\mathcal{D}$) is a colax monad
morphism $(M, \gamma) : (\mathcal{C}, T) \to (\mathcal{D}, \mathrm{Id}_{\mathcal{D}})$ from T to the identity monad on $\mathcal{D}$. Given parallel
T-modules M and N, a morphism of modules from M to N is a transformation from M to
N as in Def. 2.40. We denote the category of T-modules towards $\mathcal{D}$ by

$$\mathrm{Mod}(T, \mathcal{D}) := \mathrm{Mnd}_{\mathrm{colax}}((\mathcal{C}, T), (\mathcal{D}, \mathrm{Id})) .$$

Before giving some examples of modules over monads, we state a more explicit definition 
of modules: 

2.44 Remark (Modules and their Morphisms, explicitly [HM07a]): By unfolding the
preceding definition and simplifying, we obtain that a T-module towards $\mathcal{D}$ is a functor
$M : \mathcal{C} \to \mathcal{D}$ together with a natural transformation $\sigma : MT \Rightarrow M$ such that the following
diagrams commute:

$$MTT \xrightarrow{\;\sigma T\;} MT \xrightarrow{\;\sigma\;} M \;=\; MTT \xrightarrow{\;M\mu\;} MT \xrightarrow{\;\sigma\;} M , \qquad M \xrightarrow{\;M\eta\;} MT \xrightarrow{\;\sigma\;} M \;=\; \mathrm{id}_M .$$

Such a module can hence be regarded as a kind of generalized monad over a functor
that is not necessarily an endofunctor; indeed, this is our intuition behind modules.
In particular, every monad gives rise to a module over itself, the tautological module
(cf. Def. 2.48). Furthermore, the category of modules $\mathrm{Mod}(T, \mathcal{D})$ allows for products,
provided the target category $\mathcal{D}$ is equipped with a product.

A morphism of T-modules from $(M, \sigma)$ to $(M', \sigma')$ then is given by a natural transfor-
mation $\beta : M \Rightarrow M'$ such that the following diagram commutes:

$$\begin{array}{ccc} MT & \xrightarrow{\;\beta T\;} & M'T \\ \downarrow \sigma & & \downarrow \sigma' \\ M & \xrightarrow{\;\beta\;} & M' \end{array} \qquad \text{i.e.} \quad \beta \circ \sigma = \sigma' \circ \beta T .$$
We anticipate the constructions of the next section by giving some examples of modules: 

² The characterization of modules over monads as particular colax monad morphisms is due to an anonymous
referee, whom I hereby thank for his helpful comments.
2.45 Example (Tautological Module, Ex. 2.36 cont.): Any monad T on a category $\mathcal{C}$ can
be considered as a module over itself, the tautological module (cf. Def. 2.48). In particular,
the monad of the untyped lambda calculus ULC (cf. Ex. 2.36) is a ULC-module with
codomain Set.

2.46 Example: The map

$$\mathrm{ULC}' : V \mapsto \mathrm{ULC}(V') ,$$

with $V' := V + 1$, inherits the structure of a ULC-module from the tautological module
ULC — we obtain the derived module (cf. Sect. 2.2.3.1) of the module ULC. Also, the
map

$$\mathrm{ULC} \times \mathrm{ULC} : V \mapsto \mathrm{ULC}(V) \times \mathrm{ULC}(V)$$

inherits a ULC-module structure, cf. Def. 2.53.

The constructors of our example languages are, accordingly, morphisms of modules: 

2.47 Example (Ex. 2.46 cont.): The map

$$V \mapsto \mathrm{App}_V : \mathrm{ULC}(V) \times \mathrm{ULC}(V) \to \mathrm{ULC}(V)$$

satisfies the diagram of Rem. 2.44 and is hence a morphism of ULC-modules from
$\mathrm{ULC} \times \mathrm{ULC}$ to ULC. The map

$$V \mapsto \mathrm{Abs}_V : \mathrm{ULC}(V') \to \mathrm{ULC}(V)$$

is a morphism of ULC-modules from $\mathrm{ULC}'$ to ULC. Later we consider this example using
an alternative definition of module morphism (cf. Def. 2.73) and explain in detail the
meaning of its commutative diagrams for the constructors App and Abs, cf. Ex. 2.74.

2.2.2. Constructions on Monads and Modules 

We present some constructions of modules which will be used in the next section. They
were previously defined in Zsidó's thesis [Zsi10] and works of Hirschowitz and Maggesi
[HM07a, HM10a].

2.48 Definition (Tautological Module): Given a monad $(\mathcal{C}, T)$, we call $(T, \mu^T)$ (or simply
T) the tautological module $(T, \mu^T) : (\mathcal{C}, T) \to (\mathcal{C}, \mathrm{Id})$.

2.49 Definition (Constant and Terminal Module): Given a monad $(\mathcal{C}, T)$ and a category
$\mathcal{D}$ with an object $d \in \mathcal{D}$, the constant functor $F_d : \mathcal{C} \to \mathcal{D}$ mapping any object of $\mathcal{C}$ to
$d \in \mathcal{D}$ and any morphism to the identity on d yields a module

$$(F_d, \mathrm{id}) : (\mathcal{C}, T) \to (\mathcal{D}, \mathrm{Id}) .$$

In particular, if $\mathcal{D}$ has a terminal object $1_{\mathcal{D}}$, then the constant module $(F_{1_{\mathcal{D}}}, \mathrm{id})$ is terminal
in $\mathrm{Mod}(T, \mathcal{D})$.

2.50 Remark: Given a monad $(\mathcal{C}, T)$, a T-module $(M, \sigma)$ with codomain category $\mathcal{D}$
and a functor $F : \mathcal{D} \to \mathcal{E}$, the pair $(F \circ M, F\sigma)$ is a T-module with codomain
category $\mathcal{E}$. For $(M, \sigma) := (T, \mu^T)$ and $F := F_e$ for some $e \in \mathcal{E}$ one obtains the constant
module as above.

2.51 Definition (Pullback Module): Let $(\mathcal{C}, T)$ and $(\mathcal{D}, T')$ be monads over $\mathcal{C}$ and
$\mathcal{D}$, respectively. Given a morphism of monads $(F, \gamma) : (\mathcal{C}, T) \to (\mathcal{D}, T')$ and a $T'$-
module $(M, \sigma)$ with codomain $\mathcal{E}$, we call pullback of M along $(F, \gamma)$ the T-module
$(F, \gamma)^*(M, \sigma) := (M, \sigma) \circ (F, \gamma)$.

2.52 Definition (Module Morphism induced by a Monad Morphism): With the same
notation as in the previous definition, the monad morphism $(F, \gamma)$ induces a morphism of
T-modules — which we call $\gamma$ as well —

$$\gamma : (F, \mathrm{id}) \circ (T, \mu^T) \to (F, \gamma)^*(T', \mu^{T'})$$

as in the diagram of monad morphisms

$$(\mathcal{C}, T) \xrightarrow{\;(T, \mu^T)\;} (\mathcal{C}, \mathrm{Id}) \xrightarrow{\;(F, \mathrm{id})\;} (\mathcal{D}, \mathrm{Id}) , \qquad (\mathcal{C}, T) \xrightarrow{\;(F, \gamma)\;} (\mathcal{D}, T') \xrightarrow{\;(T', \mu^{T'})\;} (\mathcal{D}, \mathrm{Id}) .$$

Note that the above diagram can be read as a structure-enriched version of the square
diagram specifying the type of $\gamma$ in Def. 2.38.

2.53 Definition (Product Module): Suppose the category $\mathcal{D}$ is equipped with a product.
Given any monad $(\mathcal{C}, T)$, the product of $\mathcal{D}$ lifts to a product on the category $\mathrm{Mod}(T, \mathcal{D})$
of T-modules with codomain $\mathcal{D}$.

2.2.3. Monads on Set Families 

We are particularly interested in monads over families of sets and monad morphisms 
over retyping functors. 

2.2.3.1. Derivation 

Roughly speaking, a binding constructor makes free variables disappear. Its inputs are 
hence terms "with (one or more) additional free variables" compared to the output, i.e. 
terms in an extended context. Context extension is captured mathematically by derivation: 
let T be a set and $u \in T$ an element of T. We define $D(u)$ to be the object of $\mathrm{Set}^T$ such
that

$$D(u)(u) = \{*\} \quad \text{and} \quad D(u)(t) = \emptyset \;\text{ for } t \neq u .$$

We enrich the object V of $\mathrm{Set}^T$ with respect to u by setting

$$V^{*u} := V + D(u) ,$$

that is, we add a fresh variable of type u. This yields a monad $(\_)^{*u}$ on $\mathrm{Set}^T$.

2.54 Definition (Derivation Monad Morphism): Given any monad P on $\mathrm{Set}^T$, we define
a monad endomorphism on P over the functor $V \mapsto V^{*u}$. On a set family $V \in \mathrm{Set}^T$ its
natural transformation $\gamma$ is defined as the coproduct map

$$\gamma_V := [P(\mathrm{inl}), \eta \circ \mathrm{inr}] : (PV)^{*u} \to P(V^{*u}) , \qquad (2.2.1)$$

where $[\mathrm{inl}, \mathrm{inr}] = \mathrm{id} : V^{*u} \to V^{*u}$.

2.55 Definition: Given a monad P over $\mathrm{Set}^T$ and a P-module M, we call $M^u$ the module
obtained as the composition $M \circ (\_)^{*u}$.

2.56 Example: We consider TLC (cf. Ex. 2.37) as the tautological module over itself.
Given any element $s \in T_{\mathrm{TLC}}$, the derived module with respect to s,

$$\mathrm{TLC}^s : V \mapsto \mathrm{TLC}(V^{*s}) ,$$

assigns to any type family V — the context — the type family of terms of TLC over V
enriched with one additional variable of sort s.

More generally, given a natural transformation as in Rem. 2.30,

$$\tau : 1 \Rightarrow \mathcal{T}U_n : \mathcal{T}\mathrm{Set}_n \to \mathrm{Set} ,$$

we can derive, with respect to $\tau$, any module defined on a category of the form $\mathrm{Set}^T_n$ for
any set T:

2.57 Definition (Derived Module): Let $\tau : 1 \to \mathcal{T}U_n$ be a natural transformation. Given
a set T and a monad P on $\mathrm{Set}^T_n$, the functor $(\_)^{*\tau} : (T, V, t) \mapsto (T, V^{*\tau(T, V, t)}, t)$ is given the
structure of a morphism of monads as in Disp. (2.2.1). Given any P-module M, we call
derivation of M with respect to $\tau$ the module $M^\tau := M \circ (\_)^{*\tau}$.

2.58 Remark: In the preceding definition the natural transformation $\tau : 1 \to \mathcal{T}U_n$
supplies more data than necessary, since we only evaluate it on families of sets indexed
by the fixed set T. However, in Sect. 3.3 we derive different modules — each defined
on a category $\mathrm{Set}^T_n$ with varying sets T — with respect to one and the same natural
transformation $\tau$.
2.2.3.2. Fibres

Given a typed language over a nonempty set of types T, we occasionally want to pick
terms of a specific type $u \in T$. Let $\mathcal{D}$ be a category — think of $\mathcal{D}$ as the category Set —
and $V \in \mathcal{D}^T$ a T-indexed family, e.g., of terms of said language. Then picking "terms of
type $u \in T$" corresponds to projecting to the fibre $V(u)$.

Given a monad P on a category $\mathcal{C}$ and a P-module M towards $\mathcal{D}^T$, we define the fibre
module of M with respect to $u \in T$ to be the module which associates the fibre $M(c)(u)$ to
any object $c \in \mathcal{C}$. This construction is expressed via postcomposition with a particular
module: we define the fibre with respect to $u \in T$ to be the monad morphism

$$((\_)(u), \mathrm{id}) : (\mathcal{D}^T, \mathrm{Id}) \to (\mathcal{D}, \mathrm{Id})$$

over the functor $V \mapsto V(u)$. Postcomposition of the module M with this module then
precisely yields the fibre module $[M]_u$ of M with respect to $u \in T$. Analogously to
derivation we define the fibre with respect to a natural transformation:

2.59 Definition (Fibre Module): Let the natural transformation $\tau$ be as in Def. 2.57. We
call fibre with respect to $\tau$ the monad morphism

$$[\_]_\tau : V \mapsto V_{\tau(V)} : (\mathcal{D}^T_n, \mathrm{Id}) \to (\mathcal{D}, \mathrm{Id})$$

over the functor $V \mapsto V_{\tau(V)}$. Given a module M towards $\mathcal{D}^T_n$ (over some monad P), we
call the fibre module of M with respect to $\tau$ the module $[M]_\tau := [\_]_\tau \circ M$.

2.60 Example: We consider TLC as the tautological module over itself. Given any
element $t \in T_{\mathrm{TLC}}$, the fibre module with respect to t denotes the set of terms of TLC of
type t in context V:

$$[\mathrm{TLC}]_t : V \mapsto \mathrm{TLC}(V)_t .$$

2.61 Example: Consider the monad $\mathrm{TLC} : \mathrm{Set}^{T_{\mathrm{TLC}}} \to \mathrm{Set}^{T_{\mathrm{TLC}}}$ of Ex. 2.37. The two
operations of derivation (cf. Ex. 2.56) and fibre (cf. Ex. 2.60) can be combined, yielding
a module over TLC with carrier

$$V \mapsto [\mathrm{TLC}^s]_t(V) := \mathrm{TLC}(V^{*s})_t .$$

This module is actually the domain module of the abstraction constructor, cf. Ex. 2.62.
The product of modules yields our final example: for any $s, t \in T_{\mathrm{TLC}}$, the domain of the
application $\mathrm{App}(s, t)$ of simply-typed lambda calculus is a module over TLC,

$$[\mathrm{TLC}]_{s \Rightarrow t} \times [\mathrm{TLC}]_s : V \mapsto \mathrm{TLC}(V)_{s \Rightarrow t} \times \mathrm{TLC}(V)_s .$$

2.62 Example (Ex. 2.61 cont.): Given $s, t \in T_{\mathrm{TLC}}$, the map

$$\mathrm{App}(s, t) : V \mapsto \mathrm{App}_V(s, t) : \mathrm{TLC}(V)_{s \Rightarrow t} \times \mathrm{TLC}(V)_s \to \mathrm{TLC}(V)_t$$

satisfies the diagram of the preceding definition and is hence a morphism of modules. In
the same way the constructor $\mathrm{Abs}(s, t)$ is a morphism of modules; we have

$$\mathrm{App}(s, t) : [\mathrm{TLC}]_{s \Rightarrow t} \times [\mathrm{TLC}]_s \to [\mathrm{TLC}]_t , \qquad \mathrm{Abs}(s, t) : [\mathrm{TLC}^s]_t \to [\mathrm{TLC}]_{s \Rightarrow t} .$$

The pullback operation commutes with products, derivations and fibres: 

2.63 Remark: Let $(\mathcal{C}, P)$ and $(\mathcal{D}, Q)$ be monads, and let $\rho : P \to Q$ be a monad mor-
phism. Let M be a Q-module with codomain $\mathcal{E}$. Suppose T is a set, and let $u \in T$ be an
element of T.

1. More specifically, let Q be a monad on $\mathrm{Set}^T$. Then

$$\rho^*(M^u) = (\rho^* M)^u .$$

2. More specifically, let $\mathcal{E} = \mathcal{C}^T$. Then

$$\rho^*[M]_u = [\rho^* M]_u .$$

3. Let N be another Q-module with codomain $\mathcal{E}$ and suppose $\mathcal{E}$ is equipped with a
product. Then the pullback functor is cartesian:

$$\rho^*(M \times N) = \rho^* M \times \rho^* N .$$

The first two properties are just instances of associativity of composition of monad
morphisms.

2.64 Remark: In Coq the equality of modules is not as trivial as in informal mathematics,
since there are two different notions of equality: definitional equality, also called
convertibility, and propositional equality. While the latter is to be proved by the user, the
former is computed by the system and thus cannot be influenced by the user.

While the above equalities of Rem. 2.63 hold propositionally (using appropriate axioms,
such as proof irrelevance), they do not hold definitionally. The consequences of this lack
of definitional equality are discussed in Sect. 7.1.2. In summary, in our formalization,
monads, modules and module morphisms behave more like in a bicategory than in
a strict 2-category.

2.3. Alternative Definitions for Monads & Modules 

Monads can be defined in terms of the Kleisli operation (cf. Rem. 2.35) instead of the
natural transformation $\mu$ of Def. 2.33. A similar alternative definition exists for modules.
In this section we state those alternative definitions in full detail, for several reasons:
firstly, the alternative definition of monad is well-known for its prominent use in the
Haskell programming language. Secondly, it is also the definition we chose to implement
in the proof assistant Coq. Furthermore, it is also this alternative definition which
generalizes to relative monads (cf. Def. 2.75), that is, monads that are not necessarily
endofunctors.

2.65 Definition (Alt. Def. for Monad (Def. 2.33), Code 6.10): A monad T over a category
$\mathcal{C}$ (in Kleisli form) is given by

• a map $T : \mathcal{C} \to \mathcal{C}$ on the objects of $\mathcal{C}$, carrying the same name as the monad,

• for each object c of $\mathcal{C}$, a morphism $\eta_c \in \mathcal{C}(c, Tc)$ and

• for all objects c and d of $\mathcal{C}$, a Kleisli map

$$\sigma_{c,d} : \mathcal{C}(c, Td) \to \mathcal{C}(Tc, Td)$$

such that the following diagrams commute for all suitable morphisms f and g, that is, for
$f : c \to Td$ and $g : d \to Te$:

$$(1)\;\; \sigma_{c,d}(f) \circ \eta_c = f , \qquad (2)\;\; \sigma_{c,c}(\eta_c) = \mathrm{id}_{Tc} , \qquad (3)\;\; \sigma_{d,e}(g) \circ \sigma_{c,d}(f) = \sigma_{c,e}(\sigma_{d,e}(g) \circ f) .$$

We also refer to the Kleisli map as "substitution map": when $\mathcal{C}$ is instantiated, for
example, by the category of sets and $TX$ is a set of terms with free variables in the set
X, then simultaneous substitution as Kleisli map turns T into a monad. In this case the
diagrams express the well-known substitution properties [AR99]. More precisely, the
first diagram determines the value of substitution on variables, the second diagram states
that substituting each variable by itself in a term does not change the term, and the
third diagram shows how two consecutive substitutions can be expressed by just one
substitution. Inspired by Haskell syntax, we frequently use the infixed symbol $\gg=$ to
denote simultaneous substitution (or more generally, Kleisli maps): given a term $M \in TX$
with free variables in X and $f : X \to TY$, then

$$M \gg= f := \sigma(f)(M)$$

denotes the term obtained by replacing any free variable $x \in X$ occurring in M by its
image $f(x) \in TY$, yielding a term in $TY$.

The following remarks recover the definition of monad given in Def. 2.33 from the 
definition of Def. 2.65. 
2.66 Remark Functoriality for Monads in Kleisli Form, Code 6.11: Given a monad T over
$\mathcal{C}$ as in Def. 2.65 and a morphism $f : c \to d$ in $\mathcal{C}$, we equip T with a functorial structure
by setting

$$T(f) := \mathrm{lift}_T(f) := \sigma_{c,d}(\eta_d \circ f) .$$

2.67 Remark Naturality of $\eta$ and Multiplication for Monads in Kleisli form: Given a
monad in Kleisli form T, the family of morphisms $\eta = (\eta_c : \mathcal{C}(c, Tc))_{c \in \mathcal{C}}$ is natural with
respect to the functorial structure defined in Rem. 2.66. A multiplication $\mu : T^2 \to T$ can
be defined as substitution with identity:

$$\mu_c := \sigma(\mathrm{id}_{Tc}) : TTc \to Tc .$$

Naturality of $\mu$ is a consequence of the axioms for monads in Kleisli form. Finally,
the monad multiplication $\mu$ thus defined is compatible with the unit $\eta$ in the sense of
Def. 2.33.

2.68 Remark Naturality of Substitution: Given a monad in Kleisli form T over $\mathcal{C}$, its
substitution $\sigma$ is natural in c and d. For naturality in c we check that, for $f : c \to c'$, the diagram

$$\begin{array}{ccc} \mathcal{C}(c', Td) & \xrightarrow{\;\sigma_{c',d}\;} & \mathcal{C}(Tc', Td) \\ \downarrow f^* & & \downarrow (Tf)^* \\ \mathcal{C}(c, Td) & \xrightarrow{\;\sigma_{c,d}\;} & \mathcal{C}(Tc, Td) \end{array}$$

commutes, where $f^*(h) := h \circ f$. Given $g \in \mathcal{C}(c', Td)$, we have

$$\sigma(g) \circ Tf = \sigma(g) \circ \sigma(\eta_{c'} \circ f) \overset{(3)}{=} \sigma(\sigma(g) \circ \eta_{c'} \circ f) \overset{(1)}{=} \sigma(g \circ f) ,$$

where the numbers correspond to the diagrams of Def. 2.65 used to rewrite in the
respective step. Similarly we check naturality in d. Writing $h_*(g) := h \circ g$, the diagram, for
$h : d \to d'$,

$$\begin{array}{ccc} \mathcal{C}(c, Td) & \xrightarrow{\;\sigma_{c,d}\;} & \mathcal{C}(Tc, Td) \\ \downarrow (Th)_* & & \downarrow (Th)_* \\ \mathcal{C}(c, Td') & \xrightarrow{\;\sigma_{c,d'}\;} & \mathcal{C}(Tc, Td') \end{array}$$

commutes: given $g \in \mathcal{C}(c, Td)$, we have

$$Th \circ \sigma(g) = \sigma(\eta_{d'} \circ h) \circ \sigma(g) \overset{(3)}{=} \sigma(\sigma(\eta_{d'} \circ h) \circ g) = \sigma(Th \circ g) .$$
2.69 Definition (Morphism of Monads, Alt. to Def. 2.38, Code 6.12): Let $(\mathcal{C}, T)$ and
$(\mathcal{D}, T')$ be two monads. A colax morphism of monads $\tau : T \to T'$ is given by

• a functor $F : \mathcal{C} \to \mathcal{D}$ and

• for any $c \in \mathcal{C}$, a morphism $\tau_c : FTc \to T'Fc$

such that the following diagrams commute for all suitable morphisms f, that is, for $f : c \to Td$:

$$\begin{array}{ccc} FTc & \xrightarrow{\;F\sigma(f)\;} & FTd \\ \downarrow \tau_c & & \downarrow \tau_d \\ T'Fc & \xrightarrow{\;\sigma'(\tau_d \circ Ff)\;} & T'Fd \end{array} \qquad\qquad Fc \xrightarrow{\;F\eta_c\;} FTc \xrightarrow{\;\tau_c\;} T'Fc \;=\; Fc \xrightarrow{\;\eta'_{Fc}\;} T'Fc .$$

2.70 Remark: Naturality of the family $(\tau_c)_{c \in \mathcal{C}}$ of a colax morphism of monads as in the
preceding definition is provable from the other axioms, yielding a natural transformation

$$\tau : FT \to T'F .$$

Here we use Rem. 2.66 by considering T and T' as functors. The naturality of $\tau$ is proved
in Lemma colax_Monad_Hom_NatTrans in the Coq library.

2.71 Definition (Module, Alt. to Rem. 2.44, Code 6.14): Let $\mathcal{D}$ be a category. A module
M over T with codomain $\mathcal{D}$ is given by

• a map $M : \mathcal{C} \to \mathcal{D}$ on the objects of the categories involved and

• for all objects c, d of $\mathcal{C}$, a map

$$\varsigma_{c,d} : \mathcal{C}(c, Td) \to \mathcal{D}(Mc, Md)$$

such that the following diagrams commute for all suitable morphisms f and g, that is, for
$f : c \to Td$ and $g : d \to Te$:

$$\varsigma_{c,c}(\eta_c) = \mathrm{id}_{Mc} , \qquad Mc \xrightarrow{\;\varsigma(f)\;} Md \xrightarrow{\;\varsigma(g)\;} Me \;=\; Mc \xrightarrow{\;\varsigma(\sigma(g) \circ f)\;} Me .$$

2.72 Remark: Functoriality for such a module M is defined similarly to that for monads:
for any morphism $f : c \to d$ in $\mathcal{C}$ we set

$$M(f) := \mathrm{mlift}_M(f) := \varsigma(\eta_d \circ f) .$$
A module morphism is a family of morphisms that is compatible with module substitution:

2.73 Definition (Module Morphism, Alt. to Rem. 2.44, Code 6.15): Let M and N be two
modules over T with codomain $\mathcal{D}$. A morphism of T-modules from M to N is given by
a family of morphisms $\rho_c \in \mathcal{D}(Mc, Nc)$ such that for all morphisms $f \in \mathcal{C}(c, Td)$ the
following diagram commutes:

$$\begin{array}{ccc} Mc & \xrightarrow{\;\varsigma^M(f)\;} & Md \\ \downarrow \rho_c & & \downarrow \rho_d \\ Nc & \xrightarrow{\;\varsigma^N(f)\;} & Nd \end{array}$$

A module morphism $M \to N$ also constitutes a natural transformation between the
functors M and N induced by the modules, cf. Module_Hom_NatTrans.

2.74 Example (Ex. 2.47 cont.): We consider Ex. 2.47 under the alternative definition of
module morphism. The map

$$V \mapsto \mathrm{App}_V : \mathrm{ULC}(V) \times \mathrm{ULC}(V) \to \mathrm{ULC}(V)$$

satisfies the diagram of the preceding definition and is hence a morphism of ULC-
modules from $\mathrm{ULC} \times \mathrm{ULC}$ to ULC. The property of being a module morphism expresses
distributivity of substitution for any substitution map $f : X \to \mathrm{ULC}(Y)$:

$$\mathrm{App}(M, N) \gg= f = \mathrm{App}(M \gg= f, N \gg= f) .$$

Similarly, the map

$$V \mapsto \mathrm{Abs}_V : \mathrm{ULC}(V') \to \mathrm{ULC}(V)$$

is a morphism of ULC-modules from $\mathrm{ULC}'$ to ULC. For $f : X \to \mathrm{ULC}(Y)$ as before, the
commutative diagram here expresses the equation

$$\mathrm{Abs}(M) \gg= f = \mathrm{Abs}(M \gg= f') ,$$

where $f' : X' \to \mathrm{ULC}(Y')$ is obtained by shifting the map f to account for the extended
context under the binder Abs.
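The substitution monad of Ex. 2.36 in Kleisli form, the shifted map $f'$ of this example and the untyped instance of the derivation morphism $\gamma_V = [P(\mathrm{inl}), \eta \circ \mathrm{inr}]$ of Def. 2.54, written out as an added Python example; this is not code from the thesis or its Coq library. The representation of $V' = V + 1$ by the tags Inl and FRESH, the helper names and the sample term and substitutions are this example's own choices.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Callable, Union

# Added example, not the thesis' Coq code: the untyped lambda calculus ULC(V) as a
# monad in Kleisli form (Def. 2.65). Free variables are arbitrary hashable values.

@dataclass(frozen=True)
class Var:
    v: Any

@dataclass(frozen=True)
class App:
    fn: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Abs:
    body: "Term"       # a term over the extended context V' = V + 1

Term = Union[Var, App, Abs]

# Elements of V' = V + 1 (Ex. 2.46): Inl(v) is an old variable, FRESH the one new
# variable bound by the innermost Abs (a de Bruijn style representation).
@dataclass(frozen=True)
class Inl:
    v: Any

@dataclass(frozen=True)
class _Fresh:
    pass

FRESH = _Fresh()


def eta(v: Any) -> Term:
    """Unit: variable-as-term, eta_V(v) := Var(v)."""
    return Var(v)


def bind(f: Callable[[Any], Term], M: Term) -> Term:
    """Kleisli map sigma(f)(M) = M >>= f for f : X -> ULC(Y); result is a term over Y."""
    if isinstance(M, Var):
        return f(M.v)                                  # diagram (1): value on variables
    if isinstance(M, App):
        return App(bind(f, M.fn), bind(f, M.arg))     # App(M,N) >>= f = App(M>>=f, N>>=f)
    if isinstance(M, Abs):
        return Abs(bind(shift(f), M.body))            # Abs(M) >>= f = Abs(M >>= f')
    raise TypeError(f"not a term: {M!r}")


def rename(g: Callable[[Any], Any], M: Term) -> Term:
    """Functorial action ULC(g) := sigma(eta o g) (Rem. 2.66), i.e. renaming."""
    return bind(lambda v: eta(g(v)), M)


def gamma(x: Any) -> Term:
    """gamma_Y = [ULC(inl), eta o inr] : (ULC Y)' -> ULC(Y') (Def. 2.54, untyped).
    The argument is Inl(term) or FRESH, i.e. an element of (ULC Y) + 1."""
    if x is FRESH:
        return eta(FRESH)
    return rename(Inl, x.v)


def shift(f: Callable[[Any], Term]) -> Callable[[Any], Term]:
    """f' : X' -> ULC(Y') from f : X -> ULC(Y): apply f + id_1, then gamma."""
    return lambda x: gamma(FRESH if x is FRESH else Inl(f(x.v)))


def mu(MM: Term) -> Term:
    """Multiplication as substitution with identity, mu := sigma(id) (Rem. 2.67)."""
    return bind(lambda t: t, MM)


def subst_fresh(body: Term, N: Term) -> Term:
    """Instantiate the bound variable of an Abs body: ULC(V') x ULC(V) -> ULC(V)."""
    return bind(lambda x: N if x is FRESH else eta(x.v), body)


def kleisli_laws_hold(x: Any, M: Term, f: Callable[[Any], Term],
                      g: Callable[[Any], Term]) -> bool:
    """The three diagrams of Def. 2.65, checked on concrete data."""
    law1 = bind(f, eta(x)) == f(x)                                   # sigma(f) o eta = f
    law2 = bind(eta, M) == M                                         # sigma(eta) = id
    law3 = bind(g, bind(f, M)) == bind(lambda v: bind(g, f(v)), M)  # sigma(g) o sigma(f)
    return law1 and law2 and law3


# --- constructed sample data (not from the thesis) ---------------------------
# M_SAMPLE = (\z. z x) y  over X = {"x", "y"}
M_SAMPLE: Term = App(Abs(App(Var(FRESH), Var(Inl("x")))), Var("y"))

def f_sample(v):   # f : X -> ULC(Y), Y = {"z"}; x becomes the identity function \z.z
    return Abs(Var(FRESH)) if v == "x" else Var("z")

def g_sample(v):   # g : Y -> ULC(W), W = {"a", "b"}
    return App(Var("a"), Var("b"))

def demo() -> Term:
    """Two consecutive substitutions; equals one substitution with sigma(g) o f."""
    return bind(g_sample, bind(f_sample, M_SAMPLE))
```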



Modules on P with codomain $\mathcal{D}$ and morphisms between them form a category called
$\mathrm{Mod}(P, \mathcal{D})$ (in the library: MOD P D), similar to the category of monads.

2.4. Relative Monads and Modules



The functors underlying the monads presented in the preceding section all are endofunctors.
This is enforced by the type of monadic multiplication and substitution. Relative
monads were defined by Altenkirch et al. [ACU10] to overcome this restriction. One of
their motivations was to consider the untyped lambda calculus over finite contexts as
a monad-like structure — similar to the monad structure on the lambda calculus over
arbitrary contexts exhibited by Altenkirch and Reus [AR99].

We review the definition of relative monads and define suitable colax morphisms 
of relative monads. Afterwards we define modules over relative monads and port the 
constructions on modules over monads (cf. Sects. 2.2.2 and 2.2.3) to modules over 
relative monads. 

2.4.1. Definitions 

We review the definition of relative monad as given by Altenkirch et al. [ACU10] and
define suitable morphisms for them. As an example we consider the lambda calculus as a
relative monad from sets to preorders, on the functor $\Delta$ (cf. Def. 2.13). Afterwards we
define modules over relative monads and carry over the constructions on modules over
regular monads of the preceding section to modules over relative monads.

The definition of relative monads is analogous to that of monads in Kleisli form (cf. 
Def. 2.65), except that the underlying map of objects is between different categories. 
Thus, for the operations to remain well-typed, one needs an additional "mediating" 
functor, in the following usually called F, which is inserted wherever necessary: 

2.75 Definition (Relative Monad, [ACU10], Code 6.16): Given categories $\mathcal{C}$ and $\mathcal{D}$ and
a functor $F : \mathcal{C} \to \mathcal{D}$, a relative monad $P : \mathcal{C} \to \mathcal{D}$ on F is given by the following data:

• a map $P : \mathcal{C} \to \mathcal{D}$ on the objects of $\mathcal{C}$,

• for each object c of $\mathcal{C}$, a morphism $\eta_c \in \mathcal{D}(Fc, Pc)$ and

• for each two objects c, d of $\mathcal{C}$, a substitution map

$$\sigma_{c,d} : \mathcal{D}(Fc, Pd) \to \mathcal{D}(Pc, Pd)$$

such that the following diagrams commute for all suitable morphisms f and g, that is, for
$f : Fc \to Pd$ and $g : Fd \to Pe$:

$$\sigma_{c,d}(f) \circ \eta_c = f , \qquad \sigma_{c,c}(\eta_c) = \mathrm{id}_{Pc} , \qquad \sigma_{d,e}(g) \circ \sigma_{c,d}(f) = \sigma_{c,e}(\sigma_{d,e}(g) \circ f) .$$
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2.76 Example (Lambda Calculus over Finite Contexts, [ACU10]): Altenkirch et al. 
[ACU10] consider the untyped lambda calculus as a relative monad on the functor 
J : Fin skel — > Set. Here the category Fin skel is the category of finite cardinals, i.e. the 
skeleton of the category Fin of finite sets and maps between finite sets. 

2.77 Remark: Relative monads on the identity functor Id : ^ — » ^ precisely correspond 
to monads as presented in Def. 2.65. 

2.78 Notation: For this section we reserve the term "monad" for monads as defined 
in Def. 2.65, and explicitly state the "relative" when talking about relative monads. In 
later sections we sometimes omit the attribute "relative" and instead refer to traditional 
monads (i.e. with F = Id) as regular or plain monads. 

2.79 Remark (Restricting a Monad yields a Relative Monad, [ACU10]): Given a monad 
$T$ on $\mathcal{D}$ and a functor $F : \mathcal{C} \to \mathcal{D}$, the monad $T$ restricts to a relative monad 
$T : \mathcal{C} \xrightarrow{F} \mathcal{D}$ with object map $c \mapsto TFc$, by precomposing with $F$. 

2.80 Remark (Relative Monads are functorial, Code 6.17): Given a relative monad $P$ over $F : \mathcal{C} \to \mathcal{D}$ 
and a morphism $f : c \to d$ in $\mathcal{C}$, a functorial structure (rlift) for $P$ is defined by setting 

\[ P(f) := \mathrm{lift}_P(f) := \sigma(\eta_d \circ Ff) . \]

The functor axioms are easily proved from the monadic axioms. 
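For the reader we spell out this verification (it is added here and is not part of the original text; it uses only the three equations of Def. 2.75, namely substitution composed with the unit, substitution of the unit, and composition of substitutions). For $f : c \to d$ and $g : d \to e$ in $\mathcal{C}$: 

\[
\begin{aligned}
P(\mathrm{id}_c) &= \sigma(\eta_c \circ F\mathrm{id}_c) = \sigma(\eta_c) = \mathrm{id}_{Pc} , \\
P(g) \circ P(f) &= \sigma(\eta_e \circ Fg) \circ \sigma(\eta_d \circ Ff) \\
&= \sigma\bigl(\sigma(\eta_e \circ Fg) \circ \eta_d \circ Ff\bigr) \\
&= \sigma(\eta_e \circ Fg \circ Ff) = \sigma\bigl(\eta_e \circ F(g \circ f)\bigr) = P(g \circ f) .
\end{aligned}
\]

The second line is the composition equation applied to $g' := \eta_e \circ Fg$ and $f' := \eta_d \circ Ff$, the third line uses $\sigma(g') \circ \eta_d = g'$, and the last step is functoriality of $F$. The same first equation gives $P(f) \circ \eta_c = \sigma(\eta_d \circ Ff) \circ \eta_c = \eta_d \circ Ff$, so $\eta$ is a natural transformation $F \to P$ with respect to this functorial structure. 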

2.81 Remark (Relative Monads as Monoids in a Functor Category, [ACU10]): A monad 
$(T, \eta, \mu)$ over a category $\mathcal{C}$ is the same as a monoid object in the functor category $[\mathcal{C}, \mathcal{C}]$, 
where the monoidal structure is given by functor composition. Altenkirch et al. [ACU10] 
recover a similar characterization for relative monads on a functor $F : \mathcal{C} \to \mathcal{D}$, provided 
that the left Kan extension along $F$, 

\[ \mathrm{Lan}_F : [\mathcal{C}, \mathcal{D}] \to [\mathcal{D}, \mathcal{D}] , \]

exists: they define a lax monoidal structure on $[\mathcal{C}, \mathcal{D}]$ by 

\[ (\cdot^F) : [\mathcal{C}, \mathcal{D}] \times [\mathcal{C}, \mathcal{D}] \to [\mathcal{C}, \mathcal{D}] , \qquad (H, G) \mapsto H \cdot^F G := \mathrm{Lan}_F H \circ G . \]

They then show that relative monads on $F$ correspond precisely to lax monoid objects in 
$([\mathcal{C}, \mathcal{D}], \cdot^F)$. Besides, they show that under some coherence conditions, this result can be 
sharpened to obtain a strict monoidal structure, where relative monads correspond to 
proper monoids with respect to this structure. Under the same assumptions, a relative 
monad $P$ on $F : \mathcal{C} \to \mathcal{D}$ can be extended to a traditional monad $P^\sharp$ on $\mathcal{D}$, yielding an 
adjunction $(\_)^\sharp \dashv (\_)^\flat$ between this extension and the restriction of Rem. 2.79. This adjunction furthermore is a coreflection. 
2.82 Remark (Naturality of Substitution): Analogously to Rem. 2.68, the substitution 
$\sigma = (\sigma_{c,d})$ of a relative monad $P$ on a functor $F : \mathcal{C} \to \mathcal{D}$ is binatural. 

We are interested in monads on the category $\mathrm{Set}$ of sets and relative monads on 
$\Delta : \mathrm{Set} \to \mathrm{Pre}$ as well as their relationship: 

2.83 Lemma (Relative Monads on $\Delta$ and Monads on $\mathrm{Set}$): Let $P$ be a relative monad on 
$\Delta : \mathrm{Set} \to \mathrm{Pre}$ (cf. Def. 2.13). By postcomposing with the forgetful functor $U : \mathrm{Pre} \to \mathrm{Set}$ 
we obtain a monad 

\[ UP : \mathrm{Set} \to \mathrm{Set} . \]

The substitution is defined, for $m : X \to UPY$, by setting 

\[ U\sigma : m \mapsto U\bigl(\sigma(\varphi^{-1}(m))\bigr) , \]

as indicated by the diagram 

\[
\begin{array}{ccc}
\mathrm{Set}(X, UPY) & \xrightarrow{\;U\sigma\;} & \mathrm{Set}(UPX, UPY) \\
{\scriptstyle \varphi^{-1}} \big\downarrow & & \big\uparrow {\scriptstyle U} \\
\mathrm{Pre}(\Delta X, PY) & \xrightarrow{\;\sigma\;} & \mathrm{Pre}(PX, PY)
\end{array}
\]

making use of the adjunction $\varphi : \mathrm{Pre}(\Delta X, PY) \cong \mathrm{Set}(X, UPY)$ of Lem. 2.18. 

Conversely, to any monad $T$ over $\mathrm{Set}$, given as a Kleisli triple, we associate a relative 
monad over $\Delta$ by postcomposing with $\Delta$. The substitution map $\Delta\sigma$ is defined, for 
$m : \Delta X \to \Delta TY$, as the following composition: 

\[
\begin{array}{ccc}
\mathrm{Pre}(\Delta X, \Delta TY) & \xrightarrow{\;\Delta\sigma\;} & \mathrm{Pre}(\Delta TX, \Delta TY) \\
{\scriptstyle U} \big\downarrow & & \big\uparrow {\scriptstyle \Delta} \\
\mathrm{Set}(X, TY) & \xrightarrow{\;\sigma\;} & \mathrm{Set}(TX, TY)
\end{array}
\]

The maps thus defined are object functions of an adjunction between monads on sets and 
relative monads on $\Delta$, cf. Lem. 4.5. 

The above construction actually is an instance of a more general construction: 

2.84 Lemma (Monads from Relative Monads and conversely): Let $F : \mathcal{C} \rightleftarrows \mathcal{D} : G$ be an 
adjunction $F \dashv G$ with a family of isomorphisms 

\[ \varphi_{X,Y} : \mathcal{D}(FX, Y) \cong \mathcal{C}(X, GY) : \varphi^{-1}_{X,Y} . \]

1. Given a relative monad $P : \mathcal{C} \xrightarrow{F} \mathcal{D}$ with unit $\eta$ and substitution $\sigma$, we define a 
monad $P^+$ on $\mathcal{C}$ by setting 

\[ P^+(c) := GPc , \qquad \eta^+_c := \varphi(\eta_c) \in \mathcal{C}(c, GPc) \quad \text{and} \quad \sigma^+_{c,d}(f) := G\bigl(\sigma(\varphi^{-1}(f))\bigr) . \]

2. Let furthermore $GF = \mathrm{Id}$ be the identity on $\mathcal{C}$. Given a monad $(P, \eta, \sigma)$ on $\mathcal{C}$ we 
define a relative monad $P^- : \mathcal{C} \xrightarrow{F} \mathcal{D}$ by setting 

\[ P^-(c) := FPc , \qquad \eta^-_c := F(\eta_c) \quad \text{and} \quad \sigma^-_{c,d}(f) := \varphi^{-1}\bigl(\sigma(Gf)\bigr) . \]

Proof. We check the commutativity of the corresponding diagrams, using naturality of $\varphi$ in 
the form $Gk \circ \varphi(h) = \varphi(k \circ h)$ and $\varphi^{-1}(h \circ u) = \varphi^{-1}(h) \circ Fu$: 

1. for the data $(P^+, \eta^+, \sigma^+)$: 

• $\sigma^+(f) \circ \eta^+_c = G(\sigma(\varphi^{-1} f)) \circ \varphi(\eta_c) = \varphi(\sigma(\varphi^{-1} f) \circ \eta_c) = \varphi(\varphi^{-1} f) = f$ 

• $\sigma^+(\eta^+_c) = G(\sigma(\varphi^{-1}(\varphi(\eta_c)))) = G(\sigma(\eta_c)) = G\,\mathrm{id} = \mathrm{id}$ 

• 
\[
\begin{aligned}
\sigma^+(g) \circ \sigma^+(f) &= G\sigma(\varphi^{-1} g) \circ G\sigma(\varphi^{-1} f) \\
&= G\bigl(\sigma(\varphi^{-1} g) \circ \sigma(\varphi^{-1} f)\bigr) \\
&= G\bigl(\sigma(\sigma(\varphi^{-1} g) \circ \varphi^{-1} f)\bigr) \\
&= G\bigl(\sigma(\varphi^{-1}(G(\sigma(\varphi^{-1} g)) \circ f))\bigr) \\
&= \sigma^+(\sigma^+(g) \circ f)
\end{aligned}
\]

2. for the data $(P^-, \eta^-, \sigma^-)$: 

• $\sigma^-(f) \circ \eta^-_c = \varphi^{-1}(\sigma(Gf)) \circ F\eta_c = \varphi^{-1}(\sigma(Gf) \circ \eta_c) = \varphi^{-1}(Gf) = f$ 

• $\sigma^-(\eta^-_c) = \varphi^{-1}(\sigma(G\eta^-_c)) = \varepsilon_{FPc} \circ F(\sigma(GF\eta_c)) = \varepsilon_{FPc} \circ F(\sigma(\eta_c)) = \varepsilon_{FPc} \circ F\mathrm{id} = \mathrm{id}$ 

• 
\[
\begin{aligned}
\sigma^-(\sigma^- g \circ f) &= \varphi^{-1}\bigl(\sigma(G(\sigma^- g \circ f))\bigr) \\
&= \varphi^{-1}\bigl(\sigma(G\sigma^- g \circ Gf)\bigr) \\
&= \varphi^{-1}\bigl(\sigma(\sigma Gg \circ Gf)\bigr) \\
&= \varphi^{-1}(\sigma Gg \circ \sigma Gf) \\
&= \varepsilon_F \circ F(\sigma Gg \circ \sigma Gf) \\
&= \varepsilon_F \circ F\sigma Gg \circ F\sigma Gf \\
&= \varepsilon_F \circ F\sigma Gg \circ \varepsilon_F \circ F\sigma Gf \\
&= \varphi^{-1}\sigma Gg \circ \varphi^{-1}\sigma Gf \\
&= \sigma^- g \circ \sigma^- f
\end{aligned}
\]

Here $\varepsilon$ denotes the counit of the adjunction, so that $\varphi^{-1}(h) = \varepsilon \circ Fh$; as in the second 
bullet, the components $\varepsilon_{F(\_)}$ are identities for the adjun\-ctions with $GF = \mathrm{Id}$ considered here 
(cf. Lem. 2.83), which is what allows inserting $\varepsilon_F$ in the seventh line. 

□ 

This construction is functorial, and yields an adjunction between a category of monads 
on ^ and relative monads on F. Details will be reported elsewhere. 

2.85 Example (Lambda Calculus as Relative Monad on $\Delta$): Consider the set of all 
lambda terms indexed by their set of free variables as defined in Ex. 1.2. We write $\lambda M$ 
and $MN$ for $\mathrm{Abs}\,M$ and $\mathrm{App}\,M\,N$, respectively. We equip each $\mathrm{ULC}(V)$ with a preorder 
taken as the reflexive-transitive closure of the relation generated by the rule 

\[ (\lambda M)N \leq M[* := N] \]

and its propagation into subterms. This defines a relative monad $\mathrm{ULC}_\beta$ from sets to 
preorders over the functor $\Delta$, 

\[ \mathrm{ULC}_\beta : \mathrm{Set} \xrightarrow{\Delta} \mathrm{Pre} . \]

The family $\eta^{\mathrm{ULC}}$ is given by the constructor $\mathrm{Var}$, and the substitution map 

\[ \sigma_{X,Y} : \mathrm{Pre}(\Delta(X), \mathrm{ULC}_\beta(Y)) \to \mathrm{Pre}(\mathrm{ULC}_\beta(X), \mathrm{ULC}_\beta(Y)) \]

is given by capture-avoiding simultaneous substitution. Via the adjunction of Lem. 2.18 
the substitution can also be read as 

\[ \sigma_{X,Y} : \mathrm{Set}(X, \mathrm{ULC}(Y)) \to \mathrm{Pre}(\mathrm{ULC}_\beta(X), \mathrm{ULC}_\beta(Y)) . \]

2.86 Remark (about Substitution): The substitution in Ex. 2.85 is compatible with the 
order on terms in the following sense: 

1. $M \leq N$ implies $M[* := A] \leq N[* := A]$ and 

2. $A \leq B$ implies $M[* := A] \leq M[* := B]$. 

The first implication is a general fact for any relative monad $P$ on $\Delta$: it is a special case 
of $\sigma_{V,W}(f)$ being a morphism in the category $\mathrm{Pre}$ for any $f \in \mathrm{Pre}(\Delta V, PW)$. The second 
monotony property, however, is false in general. As an example, consider the monad 
given by 

\[
\begin{aligned}
F(V) ::=\ & \mathrm{Var} : V \to F(V) \\
\mid\ & 1 : F(V) \\
\mid\ & (\Rightarrow) : F(V) \times F(V) \to F(V)
\end{aligned}
\]

equipped with a preorder which is contravariant in the first argument of the arrow 
constructor $\Rightarrow$. Substituting in this position, the first argument of $(\Rightarrow)$, does in fact 
reverse the order on terms, i.e. we obtain (using $\Rightarrow$ infixed) 

\[ A \leq B \quad \text{implies} \quad (* \Rightarrow M)[* := B] \leq (* \Rightarrow M)[* := A] . \]

A different definition of monad which would enforce the second implication to hold — 
and hence not include the example $F$ — can be given easily by considering $\mathrm{Pre}$ as a 
2-category enriched over itself: given morphisms $f, g \in \mathrm{Pre}(X, Y)$ we say that there is 
precisely one 2-cell 

\[ f \Rightarrow g \quad \text{iff} \quad f \leq g \quad \text{iff} \quad \forall x : X,\ f(x) \leq g(x) . \]

A monad $P$ would then have to be equipped with a substitution action that is given, for 
any two sets $V$ and $W$, by a functor (of preorders) 

\[ \sigma_{V,W} : \mathrm{Pre}(\Delta V, PW) \to \mathrm{Pre}(PV, PW) . \]

Definition 2.110 explains one of the consequences of our monadic substitution lacking 
"higher-order monotonicity". 

We generalize the definition of colax monad morphisms to relative monads: 

2.87 Definition (Colax Morphism of Relative Monads, Code 6.18): Let $P : \mathcal{C} \xrightarrow{F} \mathcal{D}$ and 
$Q : \mathcal{C}' \xrightarrow{F'} \mathcal{D}'$ be two relative monads. A colax morphism of relative monads from $P$ to $Q$ 
is given by a quadruple $(G, G', N, \tau)$ consisting of a functor $G : \mathcal{C} \to \mathcal{C}'$ and a functor 
$G' : \mathcal{D} \to \mathcal{D}'$ as well as a natural transformation $N : F'G \to G'F$ as in 

\[
\begin{array}{ccc}
\mathcal{C} & \xrightarrow{\;F\;} & \mathcal{D} \\
{\scriptstyle G} \big\downarrow & & \big\downarrow {\scriptstyle G'} \\
\mathcal{C}' & \xrightarrow{\;F'\;} & \mathcal{D}'
\end{array}
\]

and a natural transformation $\tau : G' \circ P \to Q \circ G$ as in 

\[
\begin{array}{ccc}
\mathcal{C} & \xrightarrow{\;P\;} & \mathcal{D} \\
{\scriptstyle G} \big\downarrow & & \big\downarrow {\scriptstyle G'} \\
\mathcal{C}' & \xrightarrow{\;Q\;} & \mathcal{D}'
\end{array}
\]

such that the following diagrams commute for all suitable morphisms $f : Fc \to Pd$: 

\[
\begin{array}{ccc}
G'Pc & \xrightarrow{\;G'\sigma^P(f)\;} & G'Pd \\
{\scriptstyle \tau_c} \big\downarrow & & \big\downarrow {\scriptstyle \tau_d} \\
QGc & \xrightarrow{\;\sigma^Q(\tau_d \circ G'f \circ N_c)\;} & QGd
\end{array}
\qquad
\begin{array}{ccc}
F'Gc & \xrightarrow{\;N_c\;} & G'Fc \\
{\scriptstyle \eta^Q_{Gc}} \big\downarrow & & \big\downarrow {\scriptstyle G'\eta^P_c} \\
QGc & \xleftarrow{\;\tau_c\;} & G'Pc .
\end{array}
\]
2.88 Remark: Naturality of t in the preceding definition is actually a consequence of 
the commutative diagrams of Def. 2.87, cf. Lemma colax_RMonad_Hom_NatTrans in 
the Coq library. 

2.89 Remark: In Chapt. 5 we are going to use the following instance of the preceding 
definition: the categories $\mathcal{C}$ and $\mathcal{C}'$ are instantiated by $\mathrm{Set}^T$ and $\mathrm{Set}^{T'}$, respectively, for 
sets $T$ and $T'$. The functor $G$ is the retyping functor (cf. Rem. 2.23) associated to some 
translation of types $g : T \to T'$. Similarly, the categories $\mathcal{D}$ and $\mathcal{D}'$ are instantiated by 
$\mathrm{Pre}^T$ and $\mathrm{Pre}^{T'}$, and the functor $F$ by 

\[ F := \Delta^T : \mathrm{Set}^T \to \mathrm{Pre}^T , \]

and similarly for $F' := \Delta^{T'} : \mathrm{Set}^{T'} \to \mathrm{Pre}^{T'}$. 

Given a relative monad $P$ on $F : \mathcal{C} \to \mathcal{D}$, the notion of module over $P$ generalizes the notion of 
monadic substitution: 
2.90 Definition (Module over a Relative Monad, Code 6.19): Let $P : \mathcal{C} \xrightarrow{F} \mathcal{D}$ be a relative 
monad and let $\mathcal{E}$ be a category. A module $M$ over $P$ with codomain $\mathcal{E}$ is given by 

• a map $M : \mathcal{C} \to \mathcal{E}$ on the objects of the categories involved and 

• for all objects $c, d$ of $\mathcal{C}$, a map 

\[ \varsigma_{c,d} : \mathcal{D}(Fc, Pd) \to \mathcal{E}(Mc, Md) \]

such that the following diagrams commute for all suitable morphisms $f : Fc \to Pd$ and $g : Fd \to Pe$, i.e. 

\[ \varsigma_{c,c}(\eta_c) = \mathrm{id}_{Mc} \qquad \text{and} \qquad \varsigma_{d,e}(g) \circ \varsigma_{c,d}(f) = \varsigma_{c,e}\bigl(\sigma_{d,e}(g) \circ f\bigr) . \]

A functoriality (rmlift) for such a module $M$ is then defined similarly to that for monads: 
for any morphism $f : c \to d$ in $\mathcal{C}$ we set 

\[ M(f) := \mathrm{rmlift}_M(f) := \varsigma(\eta_d \circ Ff) . \]

The following examples of modules are instances of constructions explained in the next 
section: 

2.91 Example (Ex. 2.85 cont.): The map $\mathrm{ULC}_\beta : V \mapsto \mathrm{ULC}_\beta(V)$ yields a module over 
the relative monad $\mathrm{ULC}_\beta$, the tautological module $\mathrm{ULC}_\beta$. 

2.92 Example: Recall that $V' := V + 1$. The map $\mathrm{ULC}_\beta' : V \mapsto \mathrm{ULC}_\beta(V')$ inherits the 
structure of an $\mathrm{ULC}_\beta$-module from the tautological module $\mathrm{ULC}_\beta$ (cf. Ex. 2.91). We call 
$\mathrm{ULC}_\beta'$ the derived module of the module $\mathrm{ULC}_\beta$; cf. also Sect. 2.4.2. 

2.93 Example: The map $V \mapsto \mathrm{ULC}_\beta(V) \times \mathrm{ULC}_\beta(V)$ inherits a structure of an 
$\mathrm{ULC}_\beta$-module from the tautological module $\mathrm{ULC}_\beta$. 

A module morphism is a family of morphisms that is compatible with module substitu- 
tion in the source and target modules: 

2.94 Definition (Morphism of Relative Modules, Code 6.20): Let $M$ and $N$ be two 
relative modules over $P : \mathcal{C} \xrightarrow{F} \mathcal{D}$ with codomain $\mathcal{E}$. A morphism of relative $P$-modules 
from $M$ to $N$ is given by a collection of morphisms $\rho_c \in \mathcal{E}(Mc, Nc)$ such that for all 
morphisms $f \in \mathcal{D}(Fc, Pd)$ the following diagram commutes: 

\[
\begin{array}{ccc}
Mc & \xrightarrow{\;\varsigma^M(f)\;} & Md \\
{\scriptstyle \rho_c} \big\downarrow & & \big\downarrow {\scriptstyle \rho_d} \\
Nc & \xrightarrow{\;\varsigma^N(f)\;} & Nd .
\end{array}
\]
The modules over $P$ with codomain $\mathcal{E}$ and morphisms between them form a category 
called $\mathrm{RMod}(P, \mathcal{E})$ (in the digital library: RMOD P E). Composition and identity 
morphisms of modules are defined by pointwise composition and identity, similarly to the 
category of monads. 

2.95 Example (Ex. 2.91, 2.92, Ex. 2.93 cont.): Abstraction and application are 
morphisms of $\mathrm{ULC}_\beta$-modules: 

\[ \mathrm{Abs} : \mathrm{ULC}_\beta' \to \mathrm{ULC}_\beta , \qquad \mathrm{App} : \mathrm{ULC}_\beta \times \mathrm{ULC}_\beta \to \mathrm{ULC}_\beta . \]
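For the reader we spell out what Ex. 2.95 asserts in the notation of Defs. 2.90 and 2.94 (this 
verification is added here and is not part of the original text; the abbreviation $M[f] := \sigma(f)(M)$ 
for simultaneous substitution and the name $\bar f$ for the shifted substitution are ours, the latter being 
the untyped instance of the map written out in Def. 2.102). Let $f \in \mathrm{Pre}(\Delta X, \mathrm{ULC}_\beta(Y))$, read 
via Lem. 2.18 as a map $f : X \to \mathrm{ULC}(Y)$, and let $\bar f : X' \to \mathrm{ULC}(Y')$ be given by 
$\bar f(\mathrm{inl}\,x) := \mathrm{ULC}(\mathrm{inl})(f(x))$ and $\bar f(\mathrm{inr}\,*) := \mathrm{Var}(\mathrm{inr}\,*)$. The module substitutions 
of the source modules are $\varsigma^{\mathrm{ULC}_\beta'}(f) = \sigma(\bar f)$ and $\varsigma^{\mathrm{ULC}_\beta \times \mathrm{ULC}_\beta}(f) = \sigma(f) \times \sigma(f)$, 
so the squares of Def. 2.94 read, for $M \in \mathrm{ULC}(X')$ and for $M, N \in \mathrm{ULC}(X)$ respectively, 

\[
\begin{aligned}
\mathrm{Abs}_Y\bigl(\varsigma^{\mathrm{ULC}_\beta'}(f)(M)\bigr) &= \lambda\bigl(M[\bar f]\bigr) = (\lambda M)[f] = \sigma(f)\bigl(\mathrm{Abs}_X(M)\bigr) , \\
\mathrm{App}_Y\bigl(\varsigma^{\mathrm{ULC}_\beta \times \mathrm{ULC}_\beta}(f)(M, N)\bigr) &= M[f]\,N[f] = (MN)[f] = \sigma(f)\bigl(\mathrm{App}_X(M, N)\bigr) .
\end{aligned}
\]

The middle equalities are the defining clauses of capture-avoiding simultaneous substitution for 
abstraction and application; the clause for $\lambda$ is exactly where the shift to $\bar f$ is needed: the 
fresh bound variable is mapped to itself and the images of all other variables are weakened by 
$\mathrm{inl}$, which is why the domain of $\mathrm{Abs}$ is the derived module and not the tautological one. 
That $\mathrm{Abs}_X$ and $\mathrm{App}_X$ are morphisms in $\mathrm{Pre}$, i.e. monotone, is the propagation of the 
$\beta$-rule into subterms required in Ex. 2.85. 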

2.4.2. Constructions on Relative Monads and Modules 

The following constructions are analogous to those of Sect. 2.2.2. 

2.96 Definition (Tautological Module): Every relative monad $P$ on $F : \mathcal{C} \to \mathcal{D}$ yields a module 
$(P, \sigma^P)$ — also denoted by $P$ — over itself, i.e. an object in the category $\mathrm{RMod}(P, \mathcal{D})$. 

2.97 Definition (Constant and Terminal Module): Let $P$ be a relative monad on $F : \mathcal{C} \to \mathcal{D}$. For 
any object $e \in \mathcal{E}$ the constant map $T_e : \mathcal{C} \to \mathcal{E}$, $c \mapsto e$ for all $c \in \mathcal{C}$, is equipped with the 
structure of a $P$-module by setting $\varsigma_{c,d}(f) := \mathrm{id}_e$. In particular, if $\mathcal{E}$ has a terminal object 
$1_{\mathcal{E}}$, then the constant module $T_{1_{\mathcal{E}}} : c \mapsto 1_{\mathcal{E}}$ is terminal in $\mathrm{RMod}(P, \mathcal{E})$. 

2.98 Definition (Postcomposition with a functor): Let $P$ be a relative monad on $F : \mathcal{C} \to \mathcal{D}$, and 
let $M$ be a $P$-module with codomain $\mathcal{E}$. Let $G : \mathcal{E} \to \mathcal{X}$ be a functor. Then the object 
map $G \circ M : \mathcal{C} \to \mathcal{X}$ defined by $c \mapsto G(M(c))$ is equipped with a $P$-module structure by 
setting, for $c, d \in \mathcal{C}$ and $f \in \mathcal{D}(Fc, Pd)$, 

\[ \varsigma^{G \circ M}(f) := G\bigl(\varsigma^M(f)\bigr) . \]

For $M := P$ and $G$ a constant functor mapping to an object $x \in \mathcal{X}$ and its identity 
morphism $\mathrm{id}_x$, we obtain the constant module $(T_x, \mathrm{id})$ as in the preceding definition. 

2.99 Definition (Pullback Module): Suppose given two relative monads $P$ and $Q$ and a 
morphism $h = (G, G', N, \tau) : P \to Q$ as in Def. 2.87. Let $M$ be a $Q$-module with codomain $\mathcal{E}$. We define a 
$P$-module $h^*M$ to $\mathcal{E}$ with object map 

\[ c \mapsto M(Gc) \]

by defining the substitution map, for $f : Fc \to Pd$, as 

\[ \varsigma^{h^*M}(f) := \varsigma^M\bigl(\tau_d \circ G'f \circ N_c\bigr) . \]

The module thus defined is called the pullback module of $M$ along $h$. The pullback extends 
to module morphisms and is functorial. 

2.100 Definition (Induced Module Morphism): With the same notation as before, the 
monad morphism $h$ induces a morphism of $P$-modules $\tau : G' \circ P \to h^*Q$ with components $\tau_c$. Note that the 
domain module is the module obtained by postcomposing $P$ with $G'$, whereas for (plain) 
monads the module was just the tautological module of the domain monad. 

2.101 Definition (Product): Suppose the category $\mathcal{E}$ is equipped with a product. Let $M$ 
and $N$ be $P$-modules with codomain $\mathcal{E}$. Then the map 

\[ M \times N : \mathcal{C} \to \mathcal{E} , \qquad c \mapsto Mc \times Nc \]

is canonically equipped with a substitution and thus constitutes a module called the 
product of $M$ and $N$. This construction extends to a product on $\mathrm{RMod}(P, \mathcal{E})$. 

2.4.3. Derivation & Fibre 

We are particularly interested in monads on the functor $\Delta^T : \mathrm{Set}^T \to \mathrm{Pre}^T$ for some 
set $T$, and modules over such monads. The constructions on modules over monads of 
Sect. 2.2.3, derivation (cf. Sect. 2.2.3.1) and fibre modules (cf. Sect. 2.2.3.2), carry over 
to modules over monads on $\Delta^T$. 

2.102 Definition: Given a monad $P$ over $\Delta^T$ and a $P$-module $M$ with codomain $\mathcal{E}$, we 
define the derived module of $M$ with respect to $u \in T$ by setting 

\[ M^u(V) := M(V^{*u}) . \]

The module substitution is defined, for $f \in \mathrm{Pre}^T(\Delta^T V, PW)$, by 

\[ \varsigma^{M^u}(f) := \varsigma^M(\bar f) . \]

Here the "shifted" map 

\[ \bar f \in \mathrm{Pre}^T\bigl(\Delta^T(V^{*u}), P(W^{*u})\bigr) \]

is the adjunct under the adjunction of Rem. 2.21 of the coproduct map 

\[ \varphi(\bar f) := \bigl[P(\mathrm{inl}) \circ \varphi(f),\ \eta(\mathrm{inr}(*))\bigr] : V^{*u} \to UP(W^{*u}) , \]

where $[\mathrm{inl}, \mathrm{inr}] = \mathrm{id} : W^{*u} \to W^{*u}$. Derivation is an endofunctor on the category of 
$P$-modules with codomain $\mathcal{E}$. 

2.103 Notation: In case the set $T$ of types is $T = \{*\}$ the singleton set of types, i.e. when 
talking about untyped syntax, we denote by $M'$ the derived module of $M$. Given a natural 
number $n$, we denote by $M^n$ the module obtained by deriving $n$ times the module $M$. 

Analogously to Sect. 2.2.3, we derive more generally with respect to a natural 
transformation $\tau : 1 \to \mathcal{S}\mathcal{T}\mathcal{U}^n$ as in Def. 2.57: 

2.104 Definition (Derived Module): Let $\tau : 1 \to \mathcal{S}\mathcal{T}\mathcal{U}^n$ be a natural transformation. Let 
$T$ be a set and $P$ be a relative monad on $\Delta^T$. Given any $P$-module $M$, we call derivation 
of $M$ with respect to $\tau$ the module with object map $M^\tau(V) := M(V^{*\tau(V)})$. 

2.105 Definition: Let $P$ be a relative monad over $F$, and $M$ a $P$-module with codomain 
$\mathcal{E}^T$ for some category $\mathcal{E}$. The fibre module $[M]_t$ of $M$ with respect to $t \in T$ has object map 

\[ c \mapsto M(c)(t) = M(c)_t \]

and substitution map 

\[ \varsigma^{[M]_t}(f) := \bigl(\varsigma^M(f)\bigr)_t . \]

This definition generalizes to fibres with respect to a natural transformation as in 
Def. 2.104. 

The pullback operation commutes with products, derivations and fibres: 

2.106 Lemma: Let $\mathcal{C}$ and $\mathcal{D}$ be categories and $\mathcal{E}$ be a category with products. Let 
$P : \mathcal{C} \to \mathcal{D}$ and $Q : \mathcal{C}' \to \mathcal{D}'$ be relative monads over $F : \mathcal{C} \to \mathcal{D}$ and $F' : \mathcal{C}' \to \mathcal{D}'$, resp., 
and $\rho : P \to Q$ a monad morphism. Let $M$ and $N$ be $Q$-modules with codomain $\mathcal{E}$ (so that 
their pullbacks along $\rho$ are $P$-modules). The pullback functor is cartesian: 

\[ \rho^*(M \times N) \cong \rho^*M \times \rho^*N . \]

2.107 Lemma: Consider the setting as in the preceding lemma, with $F = \Delta^T$, and $t \in T$. 
Then we have 

2.108 Lemma: Suppose $N$ is a $Q$-module with codomain $\mathcal{E}^T$, and $t \in T$. Then 

\[ \rho^*[N]_t \cong [\rho^*N]_t . \]

2.109 Definition: Recall that the category $\mathrm{wPre}$ is the category of preordered sets and 
set-theoretic maps (not necessarily monotone) between them (Def. 2.9). Given a relative 
monad $P$ on some functor $F$ and a $P$-module $M$ with codomain $\mathrm{Pre}$, we can consider $M$ 
as a $P$-module with codomain $\mathrm{wPre}$. We denote this module by $\widetilde{M}$. In other words, we 
have a functor 

\[ \widetilde{(\_)} : \mathrm{RMod}(P, \mathrm{Pre}) \to \mathrm{RMod}(P, \mathrm{wPre}) \]

obtained by postcomposition with the forgetful functor from $\mathrm{Pre}$ to $\mathrm{wPre}$. 

2.110 Definition (Substitution of one Variable): Let $P$ be a relative monad over $\Delta$. For any set 
$X$, we define a binary substitution operation 

\[ \mathrm{subst}_P(X) : P(X^*) \times P(X) \to P(X) , \qquad (y, z) \mapsto y[* := z] := \sigma\bigl(\mathrm{default}(\eta, z)\bigr)(y) , \]

where "default" is a coproduct map; for $f : A \to B$ and $z \in B$, 

\[ \mathrm{default}(f, z) := [f, * \mapsto z] : A + \{*\} \to B . \]

This defines a morphism of $P$-modules with codomain $\mathrm{wPre}$, 

\[ \mathrm{subst}_P : \widetilde{P'} \times \widetilde{P} \to \widetilde{P} . \]

The reason why we have to consider the category $\mathrm{wPre}$ with all set-theoretic maps instead 
of just monotone maps is that $\mathrm{subst}_P$ is not necessarily monotone in its second argument, 
cf. Rem. 2.86. 

The untyped substitution of Def. 2.110 actually is a special case of the following typed 
substitution: 

2.111 Definition (Substitution of one Variable, typed): Let $T$ be a (nonempty) set and 
let $P$ be a relative monad over $\Delta^T$. For any $s, t \in T$ and $X \in \mathrm{Set}^T$ we define a binary substitution 
operation 

\[ \mathrm{subst}_{s,t}(X) : P(X^{*s})_t \times P(X)_s \to P(X)_t , \qquad (y, z) \mapsto y[* := z] := \sigma\bigl(\mathrm{default}(\eta, z)\bigr)(y) . \]

For any pair $(s, t) \in T^2$, we thus obtain a morphism of $P$-modules 

\[ \mathrm{subst}^P_{s,t} : [P^s]_t \times [P]_s \to [P]_t . \]
In this chapter we present two generalizations to simple type systems of Hirschowitz and 
Maggesi's initiality theorem for untyped syntax [HM07a]: 

• in Sect. 3.2 we review Zsidó's theorem [Zsi10, Chapt. 6]. 

• In Sect. 3.3 we prove a variant of Zsidó's theorem which accounts for translations 
between languages over different sets of object types. 

We explain the difference between the two abovementioned theorems in more detail: 
in Zsidó's theorem, the underlying set of types of a signature — and thus of the term 
language the signature specifies — is given as a fixed parameter. In particular, all the 
models — representations — of the signature have the same underlying set of types. 
Furthermore, this set does not necessarily have inductive structure, as opposed to the 
sets of types we characterize via initiality in Sect. 3.1 — the content of Sect. 3.2 is 
independent of that of Sect. 3.1. 

In our variant of Zsidó's theorem, which we prove in Sect. 3.3, a language is specified by a 
pair $(S, \Sigma)$ of signatures, a signature $S$ for types as presented in Sect. 3.1, and a signature 
$\Sigma$ for terms over the signature $S$. A representation of such a signature is given by a pair 
of a representation of $S$ and a representation of $\Sigma$. In particular, we consider models 
of $(S, \Sigma)$ whose underlying set of types is different from the set freely generated by the 
signature $S$. The initiality result of Sect. 3.3 thus characterizes both the types and terms 
freely generated by a signature as initial object in a category of representations. 

As running examples, we consider the simply-typed lambda calculus and Plotkin's 
PCF [Plo77]. In Sect. 3.4 we present a logic translation from classical to intuitionistic 
propositional logic as an instance of our theorem of Sect. 3.3. Before focusing on term 
signatures, however, we review, in Sect. 3.1, algebraic signatures as treated by Birkhoff 
[Bir35]. Algebraic signatures are used in Sect. 3.3 for the specification of the set of types 
of a language. 

3.1. Signatures for Types 

We present algebraic signatures, which later are used to specify the object types of the 
languages we consider. Algebraic signatures and their models were first considered by 
Birkhoff [Bir35]. 
3.1 Definition (Algebraic Signature): An algebraic signature $S$ is a family of natural 
numbers, i.e. a set $J_S$ and a map (carrying the same name as the signature) $S : J_S \to \mathbb{N}$. 
For $j \in J_S$ and $n \in \mathbb{N}$, we also write $j : n$ instead of $j \mapsto n$. An element of $J_S$ resp. its image 
under $S$ is called an arity of $S$. 

3.2 Example (Algebraic Signature of Ex. 1.3): The algebraic signature of the types of 
the simply-typed lambda calculus is given by 

\[ S_{\mathrm{TLC}} := \{ * : 0 ,\ (\rightsquigarrow) : 2 \} . \]

To any algebraic signature we associate a category of representations. We call representa- 
tion of S any set U equipped with operations according to the signature S. A morphism 
of representations is a map between the underlying sets that is compatible with the 
operations on either side in a suitable sense. Representations and their morphisms form 
a category. We give the formal definitions: 

3.3 Definition (Representation of an Algebraic Signature $S$, $S$-Algebra): A representation 
$R$ of an algebraic signature $S$ — also known as $S$-algebra — is given by 

• a set $X$ and 

• for each $j \in J_S$, an operation $j^R : X^{S(j)} \to X$. 

In the following, given a representation $R$, we write $R$ also for its underlying set. 

3.4 Example: The language PCF [Plo77, HO00] (see also Sect. A.1) is a simply-typed 
lambda calculus with a fixed point operator and arithmetic constants. Let $J := \{\iota, o, (\Rightarrow)\}$. 
The signature of the types of PCF is given by the arities 

\[ S_{\mathrm{PCF}} := \{ \iota : 0 ,\ o : 0 ,\ (\Rightarrow) : 2 \} . \]

A representation $T$ of $S_{\mathrm{PCF}}$ is given by a set $T$ and three operations, 

\[ \iota^T : T , \qquad o^T : T , \qquad (\Rightarrow)^T : T \times T \to T . \]

A morphism of representations is given by a map between the underlying sets that is 
compatible with the representation structure: 

3.5 Definition (Morphisms of Representations): Given two representations $T$ and $U$ of 
the algebraic signature $S$, a morphism from $T$ to $U$ is a map $f : T \to U$ such that, for any 
arity $n = S(j)$ of $S$, we have 

\[ f \circ j^T = j^U \circ \underbrace{(f \times \dots \times f)}_{n \text{ times}} . \]
3.6 Example (Ex. 3.4 continued): Given two representations $T$ and $U$ of $S_{\mathrm{PCF}}$, a 
morphism from $T$ to $U$ is a map $f : T \to U$ between the underlying sets such that, for any 
$s, t \in T$, 

\[ f(\iota^T) = \iota^U , \qquad f(o^T) = o^U \qquad \text{and} \qquad f(s \Rightarrow^T t) = f(s) \Rightarrow^U f(t) . \]
Representations of an algebraic signature S and their morphisms form a category. 

3.7 Lemma: Let $(J, S)$ (or $S$ for short) be an algebraic signature. The category of 
representations of $S$ has an initial object $S$. 

Proof. We cut the proof into small steps: 

• In a type-theoretic setting the set — also called $S$ — which underlies the initial 
representation $S$ is defined as an inductive set with a family of constructors indexed 
by $J_S$: 

\[ S ::= C : \forall j \in J_S,\ S^{S(j)} \to S . \]

That is, for each arity $j \in J$, we have a constructor $C_j : S^{S(j)} \to S$. 

• For each arity $j \in J$, we must specify an operation $j^S : S^{S(j)} \to S$. We set 

\[ j^S := C_j : S^{S(j)} \to S , \]

that is, the representation $j^S$ of an arity $n = S(j)$ is given precisely by its 
corresponding constructor. 

• Given any representation $R$ of $S$, we specify a map $i_R : S \to R$ between the 
underlying sets by structural recursion: 

\[ i_R : S \to R , \qquad i_R(C_j(a)) := j^R\bigl((i_R)^{S(j)}(a)\bigr) , \]

for $a \in S^{S(j)}$. That is, the image of a constructor function $C_j$ maps recursively on 
the image of the corresponding representation $j^R$ of $R$. 

• We must prove that $i_R$ is a morphism of representations, that is, that for any $j \in J$ 
with $S(j) = n$, 

\[ i_R \circ j^S = j^R \circ (i_R)^n . \]

Replacing $j^S$ by its definition yields that this equation is precisely the specification 
of $i_R$, see above. 

• It is the diagram of Def. 3.5 which ensures uniqueness of $i_R$; since any morphism 
of representations $i' : S \to R$ must make it commute, one can show by structural 
induction that $i' = i_R$. More precisely, using the induction hypothesis $i'(a_k) = i_R(a_k)$ 
for the components $a_k$ of $a$: 

\[ i'(C_j(a)) = i'\bigl(C_j(a_1, \dots, a_{S(j)})\bigr) = j^R\bigl(i'(a_1), \dots, i'(a_{S(j)})\bigr) = j^R\bigl(i_R(a_1), \dots, i_R(a_{S(j)})\bigr) = i_R(C_j(a)) . \]

□ 

3.8 Example (Ex. 3.4 continued): The set $T_{\mathrm{PCF}}$ underlying the initial representation of 
the algebraic signature $S_{\mathrm{PCF}}$ is given by 

\[ T_{\mathrm{PCF}} ::= \iota \mid o \mid T_{\mathrm{PCF}} \Rightarrow T_{\mathrm{PCF}} . \]

For any other representation $R$ of $S_{\mathrm{PCF}}$ the initial morphism $i_R : T_{\mathrm{PCF}} \to R$ is given by the 
clauses of the structural recursion of Lem. 3.7, 

\[ i_R(\iota) := \iota^R , \qquad i_R(o) := o^R , \qquad i_R(s \Rightarrow t) := i_R(s) \Rightarrow^R i_R(t) . \]
3.2. Zsidó's Theorem Reviewed 

We present Zsidó's initiality theorem [Zsi10, Chapt. 6] (cf. Thm. 3.28) for simply-typed 
abstract syntax. Its formalization in the proof assistant Coq is explained in Chapt. 7. 
Throughout this section the number given in the name of each definition points to the 
implementation of this definition in Coq. For instance, the implementation of Simple 
Monad Morphisms (Def. 3.12) is given in Code 6.13. 

Our presentation follows the pattern outlined at the beginning of Sect. 1.2: in 
Sect. 3.2.1 we present classic signatures in two different ways. Afterwards, in Sect. 3.2.2, 
we give the definition of representations of such signatures. Finally, in Sect. 3.2.3, we 
state the main theorem, proved by Zsidó [Zsi10]. 

3.2.1. Signatures for Terms 

In Sect. 3.2.1.1 we give a purely syntactical definition of classic arities. Afterwards, in 
Sect. 3.2.1.2 we give a definition of arities as pairs of functors on suitable categories, and 
identify a subclass of arities which are in one-to-one correspondence with classic arities. 
We thus call arities of this subclass classic as well. In the following we fix a set T of object 
types. 



3.2.1.1. Arities, syntactically 

Syntactically, a classic arity consists of an element $t \in T$ which specifies the output 
type of a constructor, as well as a list of pairs $([t_{i,1}, \dots, t_{i,m_i}], t_i)$, where $t_{i,k}, t_i \in T$. 
Each such pair represents an argument of the corresponding constructor: the element 
$t_i$ denotes the object type of the argument, whereas the list $[t_{i,1}, \dots, t_{i,m_i}]$ specifies the 
types of the variables that are bound by the constructor in this argument. 

3.9 Definition (Classic $T$-Arity, $T$-Signature): A classic arity is of the form 

\[ \bigl[ ([t_{1,1}, \dots, t_{1,m_1}], t_1) ,\ \dots ,\ ([t_{n,1}, \dots, t_{n,m_n}], t_n) \bigr] \to t , \]

where $t_{i,k}$ and $t_i$ are elements of $T$. We use an arrow to separate the data specifying input 
data and output data, respectively. A signature is a family of arities. For a formalized 
definition, see the Coq code snippets Code 7.1 and Code 7.2. 

3.10 Example (Signature of TLC): The signature of the simply-typed lambda calculus 
(cf. Ex. 1.3) is given by 

\[ \bigl\{ \mathrm{abs}_{s,t} : [([s], t)] \to (s \rightsquigarrow t) ,\quad \mathrm{app}_{s,t} : [([], s \rightsquigarrow t), ([], s)] \to t \bigr\}_{s,t \in T_{\mathrm{TLC}}} . \]

See the code snippet Code 7.3 for a Coq implementation of this example. 

3.2.1.2. Arities, semantically 

In this section we give a definition of arities as pairs of functors between suitable 
categories. The source category (cf. Def. 3.13) is a category of monads and morphisms of 
monads, whereas the target category (cf. Def. 3.15) mixes modules over different such 
monads. 

At first, in Rem. 3.11, we present an alternative characterization of algebraic arities. 
This alternative point of view is then adapted to allow for the specification of arities for 
terms. 

3.11 Remark (Algebraic Arities viewed differently): An algebraic arity $j : n$ as presented in 
Sect. 3.1 associates, to any set $X$, the set $\mathrm{dom}(j, X) := X^n$, the domain set. A 
representation $R$ of this arity $j$ in a set $X$ then is given by a map $j^R : X^n \to X$. More formally, the 
domain set is given via a functor $\mathrm{dom}(j) : \mathrm{Set} \to \mathrm{Set}$ which associates to any set $X$ the 
set $X^n$. Similarly, we might also speak of a codomain functor for any arity, which — for 
algebraic arities — is given by the identity functor. A representation $R$ of $j$ in a set $X$ then 
is given by a morphism 

\[ j^R : \mathrm{dom}(j)(X) \to \mathrm{cod}(j)(X) . \]

We take the perspective of Rem. 3.11 in order to define arities and signatures for terms: 
given a set $T$ of object types, an arity $a$ for terms typed over $T$ is a pair of functors 
$(\mathrm{dom}(a), \mathrm{cod}(a))$ associating two $P$-modules $\mathrm{dom}(a)(P)$ and $\mathrm{cod}(a)(P)$ to any suitable 
monad $P$. A suitable monad here is a monad $P$ on the category $\mathrm{Set}^T$. A representation $R$ 
of $a$ in such a monad $P$ is a module morphism 

\[ a^R : \mathrm{dom}(a)(P) \to \mathrm{cod}(a)(P) . \]

We consider monads as in Def. 2.33 (also: Def. 2.65) over a category of the form $\mathrm{Set}^T$ 
for some fixed set $T$. Throughout this section, morphisms between two such monads 
over the same category are given by colax monad morphisms over the identity functor, 
i.e. those morphisms of Def. 2.38 (alt. Def. 2.69) with $F = \mathrm{Id}_{\mathrm{Set}^T}$. For convenience, and 
as a reference for the implementation in Coq, we explicitly state the definition of these 
"simple" monad morphisms, using the definition through Kleisli operation (cf. Def. 2.69) 
of monads and morphisms: 

3.12 Definition (Simple Monad Morphism, Code 6.13): Let $P$ and $Q$ be two monads 
over a category $\mathcal{C}$. A simple morphism of monads $\tau$ from $P$ to $Q$ is given by a collection 
of morphisms $\tau_c \in \mathcal{C}(Pc, Qc)$ such that the following diagrams commute for all suitable 
morphisms $f : c \to Pd$, i.e. 

\[ \tau_c \circ \eta^P_c = \eta^Q_c \qquad \text{and} \qquad \tau_d \circ \sigma^P(f) = \sigma^Q(\tau_d \circ f) \circ \tau_c . \]

3.13 Definition (Category $\mathrm{Mon}(\mathcal{C})$ of Monads on $\mathcal{C}$): Given a category $\mathcal{C}$, we define 
the category $\mathrm{Mon}(\mathcal{C})$ to be the category whose objects are monads over $\mathcal{C}$. A morphism 
from $P$ to $Q$ in this category is a monad morphism as in Def. 3.12. We denote by 
$\iota_{\mathcal{C}} : \mathrm{Mon}(\mathcal{C}) \to \mathrm{Mnd}_{\mathrm{colax}}$ the inclusion functor. 

We define a category in which modules over different monads — but with the same 
codomain category — are mixed together. This category can be defined as a particular 
colax comma category. However, we also give an explicit description of the objects and 
morphisms of this category. 

3.14 Definition (Colax Comma Category): Let $\mathcal{K}$ be a 2-category and $c \in \mathcal{K}$ be an 
object of $\mathcal{K}$. Let $\mathcal{A}$ be a category and let $F : \mathcal{A} \to \mathcal{K}$ be a functor. An object of the 
colax comma category $(F \downarrow c)$ is given by a pair $(a, f : Fa \to c)$ of an object $a \in \mathcal{A}$ and 
a morphism $f : Fa \to c$. A morphism to another such $(b, g : Fb \to c)$ is given by a pair 
$(h : a \to b,\ \alpha : f \Rightarrow g \circ Fh)$ of a morphism $h$ in $\mathcal{A}$ and a 2-cell $\alpha$ in $\mathcal{K}$ as in the diagram 

\[
\begin{array}{ccc}
Fa & \xrightarrow{\;Fh\;} & Fb \\
& {\scriptstyle f} \searrow \quad \overset{\alpha}{\Rightarrow} \quad \swarrow {\scriptstyle g} & \\
& c &
\end{array}
\]

While the above definition is not the most general definition possible for a colax comma 
category, it is sufficient for our needs: 

3.15 Definition (Large Category $\mathrm{LMod}(\mathcal{C}, \mathcal{D})$ of Modules): Given two categories $\mathcal{C}$ and 
$\mathcal{D}$, we define the category $\mathrm{LMod}(\mathcal{C}, \mathcal{D})$ to be the colax comma category $(\iota_{\mathcal{C}} \downarrow \mathrm{Id}_{\mathcal{D}})$. An 
object of this category is a monad $P$ over $\mathcal{C}$ together with a $P$-module $M$ with codomain 
$\mathcal{D}$ (cf. Def. 2.43). A morphism $(f, h)$ to another such $(Q, N)$ is given by a morphism 
$f : P \to Q$ of monads over the identity functor — i.e., a morphism in $\mathrm{Mon}(\mathcal{C})$ — and a 
morphism of modules 

\[ h : M \to f^*N = N \circ f . \]

3.16 Definition (Tautological Module): To any monad $R \in \mathrm{Mon}(\mathcal{C})$ we associate the 
tautological module $\Theta(R)$ of $R$, 

\[ \Theta(R) := (R, R) \in \mathrm{LMod}(\mathcal{C}, \mathcal{C}) . \]

This construction extends to a functor $\Theta : \mathrm{Mon}(\mathcal{C}) \to \mathrm{LMod}(\mathcal{C}, \mathcal{C})$. 

A half-arity associates a $P$-module towards $\mathrm{Set}$ to any monad $P$ over $\mathrm{Set}^T$: 

3.17 Definition (Half-Arity): A half-arity over $T$ is a functor 

\[ \alpha : \mathrm{Mon}(\mathrm{Set}^T) \to \mathrm{LMod}(\mathrm{Set}^T, \mathrm{Set}) \]

from the category of monads over $\mathrm{Set}^T$ to the large category of modules over such 
monads with codomain $\mathrm{Set}$, such that 

\[ \pi_1 \circ \alpha = \mathrm{id}_{\mathrm{Mon}(\mathrm{Set}^T)} . \tag{3.2.1} \]

This last condition given in Disp. (3.2.1) ensures that each monad maps to a module over 
itself. For a monad $R \in \mathrm{Mon}(\mathrm{Set}^T)$, we thus sometimes omit the first component $R$ of the 
image $\alpha(R)$ and consider $\alpha(R) \in \mathrm{Mod}(R, \mathrm{Set})$. 

3.18 Definition (Arity, Signature): A $T$-arity $s$ is a pair $(\mathrm{dom}(s), \mathrm{cod}(s))$ of half-arities 
over $T$, 

\[ \mathrm{dom}(s), \mathrm{cod}(s) : \mathrm{Mon}(\mathrm{Set}^T) \to \mathrm{LMod}(\mathrm{Set}^T, \mathrm{Set}) , \]

written $\mathrm{dom}(s) \to \mathrm{cod}(s)$. A $T$-signature is a family of $T$-arities. 

We give some important examples of half-arities over the set T. Note that, by the 
convention of Def. 3.17, we omit the first component of objects of the large category of 
modules LMod(Set r , Set). 
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3.19 Definition: Let T be a nonempty set, and let t e T be an element of T. 

• The map [8] t : Mon(Set r ) — > LMod(Set T ,Set) with object map R •-* (R, [R] t ) is a 
half-arity — the fibre with respect to t — over T. 

• If M is a half-arity over T, so is M c : Mon(Set T ) -» LMod(Set T , Set), M r (R) := 
M(i?) f (cf. Def. 2.55). By iterating, given t x , . . . , t n e T, the functor 

M (ti,-,t„) : j h ( mi (M(R) Cl ) • • •)'" 

is a half-arity. 

• If M and N are half-arities over T, then so is the product M x N : Mon(Set r ) — > 
LMod(Set T ,Set): 

MxJV:J?>-> M(R) x N(R) . 

• The map ]?>-»*, where * : V >-» ls et is the terminal object in Mod(i?, Set), is a 
half-arity over T. 

An arity is a pair of half-arities. We are only interested in classic arities, whose domain
and codomain functors are of a specific form:

3.20 Definition (Classic T-Arity, T-Signature (II)): We call classic $T$-arity any $T$-arity $s$
of the form

$s = [\Theta]_{t_1}^{(t_{1,1}, \dots, t_{1,m_1})} \times \dots \times [\Theta]_{t_k}^{(t_{k,1}, \dots, t_{k,m_k})} \to [\Theta]_{t_0}$ (3.2.2)

for $t_{i,j}, t_j \in T$. A classic $T$-signature is a collection of such classic arities.

To an operator that binds $m_k$ variables of types $t_{k,1}, \dots, t_{k,m_k}$ in its $k$-th argument of
type $t_k$, and which yields a term of type $t_0$, we associate the arity given in Disp. (3.2.2).

3.21 Remark: The classic T-arities and T-signatures of Def. 3.20 and of Def. 3.9 are in 
bijection, respectively. We can thus specify T-signatures by simply giving a term of the 
simple data type defined in Def. 3.9. In the Coq formalization, arities and signatures are 
defined via such data types, cf. Code 7.1 and Code 7.2. 

3.22 Remark: In Def. 3.20 we can have $n = 0$, yielding an arity for constants of, say,
object type $t_0 \in T$,

$s = * \to [\Theta]_{t_0}$ .

Such an arity then is given by an empty list of arguments according to Def. 3.9. An
example of a constant arity is given in Ex. 3.48.

As an example we discuss the classic signature of the simply typed lambda calculus:

3.23 Example (Signature of TLC, Code 7.3): Consider the example of the simply-typed
lambda calculus (cf. Exs. 1.3, 2.37). Its signature is given syntactically in Ex. 3.10.
Equivalently it is given by the signature

$\Sigma_{\mathrm{TLC}} = \{\mathrm{abs}_{s,t}, \mathrm{app}_{s,t}\}_{s,t \in T_{\mathrm{TLC}}}$

with

$\mathrm{abs}_{s,t} := [\Theta]_t^{s} \to [\Theta]_{s \leadsto t}$ and
$\mathrm{app}_{s,t} := [\Theta]_{s \leadsto t} \times [\Theta]_s \to [\Theta]_t$ .

3.24 Remark: Note that in Ex. 3.23 we do not need to explicitly specify an arity for the
Var term constructor in order to obtain the simply-typed lambda calculus as presented
in Ex. 1.3. Indeed, by building models from monads (cf. Def. 3.25) every model is by
definition equipped with a corresponding operation — the unit of the underlying monad.

3.2.2. Representations

A representation of an arity $s$ in a monad $P$ is given by a morphism of $P$-modules whose
domain and codomain are determined by $s$:

3.25 Definition (Representation of a T-Signature, Code 7.4): A representation $R$ of a
$T$-signature $\Sigma$ is given by

• a monad $P$ on the category $\mathbf{Set}^T$ and

• for any arity $s \in \Sigma$, a morphism of modules in $\mathrm{LMod}(\mathbf{Set}^T, \mathbf{Set})$,

$s^R : \mathrm{dom}(s, P) \to \mathrm{cod}(s, P)$ ,

such that $\pi_1(s^R) = \mathrm{id}_P$.

Given a representation $R$, we denote by $R$ also the underlying monad.

Morphisms of representations are monad morphisms that are compatible with the
representation module morphisms:

3.26 Definition (Morphism of Representations): Let $P$ and $Q$ be representations of a
$T$-signature $\Sigma$. A morphism of representations $f : P \to Q$ is a morphism $f$ between the
underlying monads such that the following diagram commutes for any arity $s$ of $\Sigma$:

$$\begin{array}{ccc} \mathrm{dom}(s, P) & \xrightarrow{\;s^P\;} & \mathrm{cod}(s, P) \\ {\scriptstyle \mathrm{dom}(s, f)} \downarrow & & \downarrow {\scriptstyle \mathrm{cod}(s, f)} \\ \mathrm{dom}(s, Q) & \xrightarrow{\;s^Q\;} & \mathrm{cod}(s, Q) \end{array} \qquad (3.2.3)$$

The preceding diagram can be seen as a diagram in two different categories, either in the
category $\mathrm{LMod}(\mathbf{Set}^T, \mathbf{Set})$, or in the category $\mathrm{Mod}(P, \mathbf{Set})$ of $P$-modules.

3.27 Definition (Category of Representations) : Morphisms of representations can be 
composed: the composition of the underlying monad morphisms again gives a morphism 
of representations. Similarly the identity morphism of monads is a morphism of repre- 
sentations. Two morphisms of representations are said to be equal if their underlying 
morphisms of monads are equal. Representations and their morphisms of a signature S 
form a category Rep(S). 

3.2.3. Initiality

The main theorem states that any $T$-signature admits an initial representation:

3.28 Theorem: Let $\Sigma$ be a classic $T$-signature. Then the category $\mathrm{Rep}(\Sigma)$ of representations
of $\Sigma$ has an initial object.

3.29 Remark: The monad underlying the initial representation associates, to any context
$V \in \mathbf{Set}^T$, the set of terms of the syntax of $\Sigma$ with free variables in $V$. The module
morphisms of the initial representation are given by the constructors of this syntax.

A set-theoretic construction of the syntax as well as a proof of the theorem is given
in Zsidó's PhD thesis [Zsi10]. In Sect. 7.2 we explain the implementation of the main
theorem in a type-theoretic setting in the proof assistant Coq.

3.3. Extending Zsidó's Theorem to Varying Types

Zsidó's initiality result of Thm. 3.28 does not account for varying object sorts. Indeed,
given a signature $\Sigma$ over a set $T$ of object sorts, any representation of $\Sigma$ "has" the same set
of sorts $T$, i.e. its underlying monad is a monad on the category $\mathbf{Set}^T$. In this section we
give a new definition of signatures and their representations, and prove that the resulting
category of representations has an initial object. The iteration operator obtained from
this initiality result accounts for translations between languages over different sets of
sorts. We define a typed signature to be a pair $(S, \Sigma)$ consisting of an algebraic signature $S$
for sorts, and a signature $\Sigma$ for terms typed over the sorts specified by $S$. A representation
of such a typed signature consists of a representation of the sort signature $S$ in some set
$T$ and a representation of $\Sigma$ in a monad over the category $\mathbf{Set}^T$. Translations of sorts are
given by morphisms of representations of $S$, that is, by maps of sets that are compatible
with the representations of sort constructors in the source and target. Compared to
Zsidó, we thus restrict ourselves to sets of sorts that have inductive structure, whereas for
Zsidó, the set of sorts is given by an arbitrary parameter.
3.3.1. Signatures for Types & Terms

Before starting with the formal definitions, we informally consider the example of the
simply-typed lambda calculus; its signature for terms was given in the preceding section
(cf. Ex. 3.23) as:

$\{\mathrm{abs}_{s,t} := [([s], t)] \to (s \leadsto t),\ \mathrm{app}_{s,t} := [([], s \leadsto t), ([], s)] \to t\}_{s,t \in T_{\mathrm{TLC}}}$ . (3.3.1)

The parameters $s$ and $t$ range over the set $T_{\mathrm{TLC}}$ of types, the initial representation of the
signature for types from Ex. 3.2. In particular, we have $2 \times T_{\mathrm{TLC}}^2$ arities in this signature.

Our goal is to consider representations of the simply-typed lambda calculus in monads
over categories of the form $\mathbf{Set}^T$ for any set $T$ — provided that $T$ is equipped with a
representation of the signature $S_{\mathrm{TLC}}$. Clearly, the above signature of Disp. (3.3.1), with
its strong dependence on the set $T_{\mathrm{TLC}}$, is not well-suited to express this. Instead of the
above signature, we would like to write

$\{\mathrm{abs} := [([1], 2)] \to (1 \leadsto 2),\ \mathrm{app} := [([], 1 \leadsto 2), ([], 1)] \to 2\}$ . (3.3.2)

What is the intended meaning of such a signature? For any representation $T$ of $S_{\mathrm{TLC}}$ the
variables 1 and 2 range over elements of $T$. In this way the number of abstractions and
applications depends on the representation $T$ of $S_{\mathrm{TLC}}$: intuitively, a representation of
the above signature of Disp. (3.3.2) over a representation $T$ of $S_{\mathrm{TLC}}$ has $T^2$ abstractions
and $T^2$ applications — one for each pair of elements of $T$. As an example, for the final
representation of $S_{\mathrm{TLC}}$ in the singleton set, one obtains only one abstraction and one
application morphism. We call arities that contain object type variables arities of higher
degree, where the degree of such an arity denotes the number of (distinct) type variables.
For instance, the arities abs and app of Disp. (3.3.2) are of degree 2.

3.3.1.1. Term Arities, syntactically

In Sect. 3.2, arities over a fixed set of object types $T$ were defined purely syntactically,
namely using pairs and lists, cf. Def. 3.9. We give a similar syntactic characterization of
arities over a fixed algebraic signature $S$ for types as in Def. 3.1.

3.30 Definition (Type of Degree n): For $n \geq 1$, we call types of $S$ of degree $n$ the elements
of the set $S(n)$ of types associated to the signature $S$ with free variables in the set
$\{1, \dots, n\}$. We set $S(0) := S$. Formally, the set $S(n)$ may be obtained as the initial
representation of the signature $S$ enriched by $n$ nullary arities.

Types of degree n are used to form classic arities of degree n: 

3.31 Definition (Classic Arity of Degree n): A classic arity for terms over the signature
$S$ for types of degree $n$ is of the form

$[([t_{1,1}, \dots, t_{1,m_1}], t_1), \dots, ([t_{k,1}, \dots, t_{k,m_k}], t_k)] \to t_0$ , (3.3.3)

where $t_{i,j}, t_i \in S(n)$. More formally, a classic arity of degree $n$ over $S$ is a pair consisting
of an element $t_0 \in S(n)$ and a list of pairs, where each pair itself consists of a list
$[t_{i,1}, \dots, t_{i,m_i}]$ of elements of $S(n)$ and an element $t_i$ of $S(n)$.

A classic arity of the form given in Disp. (3.3.3) denotes a constructor — or a family of
constructors, for $n \geq 1$ — whose output type is $t_0$, and whose $k$ inputs are terms of type
$t_i$, respectively, in each of which variables of type according to the list $[t_{i,1}, \dots, t_{i,m_i}]$ are
bound by the constructor.

3.32 Remark: For an arity as given in Disp. (3.3.3) we also write

$[\Theta_n]_{t_1}^{t_{1,1}, \dots, t_{1,m_1}} \times \dots \times [\Theta_n]_{t_k}^{t_{k,1}, \dots, t_{k,m_k}} \to [\Theta_n]_{t_0}$ . (3.3.4)

Examples of (classic) arities are to be found in Ex. 3.47 and Sect. 3.4.

3.33 Remark (Implicit Degree): Any arity of degree $n \in \mathbb{N}$ as in Def. 3.31 can also be
considered as an arity of degree $n + 1$. We denote by $S(\omega)$ the set of types associated
to the type signature $S$ with free variables in $\mathbb{N}$. Then any arity of degree $n \in \mathbb{N}$ can
be considered as an arity built over $S(\omega)$. Conversely, any arity built over $S(\omega)$ only
contains a finite set of free variables in $\mathbb{N}$, and can thus be considered to be an arity of
degree $n$ for some $n \in \mathbb{N}$. In particular, by suitable renaming of free variables, there is a
minimal degree for any arity built over $S(\omega)$. We can thus omit the degree — e.g., the
lower inner index $n$ in Disp. (3.3.4) — and specify any arity as an arity over $S(\omega)$, if we
really want to consider this arity to be of minimal degree. Otherwise we must specify the
degree explicitly.

3.3.1.2. Term Arities, semantically 

We now attach a meaning to the purely syntactically defined arities of Sect. 3.3.1.1. More 
precisely, we define arities as pairs of functors over suitable categories. Afterwards we 
restrict ourselves to a specific class of functors, yielding arities which are in one-to-one 
correspondence to — and thus can be compactly specified via — the syntactically defined 
classic arities of Sect. 3.3.1.1. Accordingly, we call the restricted class of arities also 
classic arities. 

Throughout this section, we fix an algebraic signature $S$ for types. An arity $a$ of
degree $n$ for terms over $S$ is a pair of functors $(\mathrm{dom}(a), \mathrm{cod}(a))$ associating two $P$-
modules $\mathrm{dom}(a, P)$ and $\mathrm{cod}(a, P)$, each of degree $n$, to any suitable monad $P$. A suitable
monad here is a monad $P$ on some category $\mathbf{Set}^T$ where the set $T$ is equipped with a
representation of $S$. We call such a monad an $S$-monad. A representation $R$ of $a$ in an
$S$-monad $P$ is a module morphism

$a^R : \mathrm{dom}(a, P) \to \mathrm{cod}(a, P)$ .

As we have seen in Ex. 1.3, constructors can in fact be families of constructors indexed by
type variables. For such a constructor indexed $n$ times, we consider modules of degree $n$
(cf. Rem. 3.37).

We define a family of categories of monads which will play the role of the category
defined in Def. 3.13:

3.34 Definition (S-Monad): Given an algebraic signature $S$, the 2-category $S\text{-}\mathrm{Mnd}$ of
$S$-monads is defined as the 2-category whose objects are pairs $(T, P)$ of a representation
$T$ of $S$ and a monad $P : \mathbf{Set}^T \to \mathbf{Set}^T$. A morphism from $(T, P)$ to $(T', P')$ is a pair $(g, f)$
of a morphism of $S$-representations $g : T \to T'$ and a monad morphism $f : P \to P'$
over the retyping functor $g$ (cf. Rem. 2.23). Transformations are the transformations of
$\mathrm{Mnd}_{\mathrm{colax}}$.

Given $n \in \mathbb{N}$, we write $S\text{-}\mathrm{Mnd}_n$ for the 2-category whose objects are pairs $(T, P)$ of a
representation $T$ of $S$ and a monad $P$ over $\mathbf{Set}^T_n$. A morphism from $(T, P)$ to $(T', P')$ is
a pair $(g, f)$ of a morphism of $S$-representations $g : T \to T'$ and a monad morphism
$f : P \to P'$ over the retyping functor $g(n)$ (cf. Def. 2.28).

We call $U^S_n : S\text{-}\mathrm{Mnd}_n \to \mathrm{Mnd}_{\mathrm{colax}}$ the functor which forgets the representation of $S$.

We define a "large category of modules" in which modules over different $S$-monads
are mixed together:

3.35 Definition (Large Category of Modules): Given a natural number $n \in \mathbb{N}$, an
algebraic signature $S$ and a category $\mathcal{D}$, we call $\mathrm{LMod}_n(S, \mathcal{D})$ the colax comma category
$U^S_n \downarrow (\mathcal{D}, \mathrm{Id})$. An object of this category is a pair $(P, M)$ of a monad $P \in S\text{-}\mathrm{Mnd}_n$ and a
$P$-module with codomain $\mathcal{D}$. A morphism to another such $(Q, N)$ is a pair $(f, h)$ of an
$S$-monad morphism $f : P \to Q$ in $S\text{-}\mathrm{Mnd}_n$ and a transformation $h : M \to f^*N$:

(Diagram: the 2-cell $h : M \Rightarrow N \circ f$ over the monad morphism $f : P \to Q$ and $\mathrm{id}_{\mathcal{D}}$.)

A half-arity over $S$ of degree $n$ is given by a functor from the category of monads to the
large category of modules:

3.36 Definition (Half-Arity over S (of degree n)): Given an algebraic signature $S$ and
$n \in \mathbb{N}$, we call half-arity over $S$ of degree $n$ a functor

$a : S\text{-}\mathrm{Mnd} \to \mathrm{LMod}_n(S, \mathbf{Set})$

which is pre-inverse to the forgetful functor.

Taking into account Rem. 3.37, this means that a half-arity of degree $n$ associates to
any $S$-monad $R$ — with representation of $S$ in a set $T$ — a family of $R$-modules indexed
$n$ times by $T$.
3.37 Remark (Module of Higher Degree corresponds to a Family of Modules): Let $\mathcal{C}$ be a
category, let $T$ be a set and $R$ be a monad on $\mathcal{C}^T$. Suppose $n \in \mathbb{N}$, and let $\mathcal{D}$ be a category.
Then modules over $R_n$ with codomain $\mathcal{D}$ correspond precisely to families of $R$-modules
indexed by $T^n$ with codomain $\mathcal{D}$ by (un)currying. More precisely, let $M$ be an $R_n$-module.
Given $t \in T^n$, we define an $R$-module $M_t$ by

$M_t(c) := M(c, t)$ .

Module substitution for $M_t$ is given, for $f \in \mathcal{C}^T(c, Rd)$, by

$\sigma^{M_t}(f) := \sigma^{M}(f)$ ,

where we use that we also have $f \in \mathcal{C}^T_n((c, t), (Rd, t))$ according to Def. 2.26. Going the
other way round, given a family $(M_t)_{t \in T^n}$, we define the $R_n$-module $M$ by

$M(c, t) := M_t(c)$ .

Given a morphism $f \in \mathcal{C}^T_n((c, t), (Rd, t))$ — recall that morphisms in $\mathcal{C}^T_n$ are only between
families with the same marker $t$ — we also have $f \in \mathcal{C}^T(c, Rd)$ and define

$\sigma^{M}(f) := \sigma^{M_t}(f)$ .

The remark extends to morphisms of modules; indeed, a morphism of modules $\alpha :
M \to N$ on categories with pointed index sets corresponds to a family of morphisms
$(\alpha_t : M_t \to N_t)_{t \in T^n}$ between the associated families of modules.

As in Sect. 3.2, we restrict our attention to half-arities which correspond, in a sense
made precise below, to the syntactically defined arities of Def. 3.31. The basic brick is the
tautological module of degree $n$:

3.38 Definition: Given a category $\mathcal{C}$ and $n \in \mathbb{N}$, any monad $R$ on the category $\mathcal{C}^T$
induces a monad $R_n$ on $\mathcal{C}^T_n$ with object map $(V, t_1, \dots, t_n) \mapsto (RV, t_1, \dots, t_n)$, as is already
indicated for functors in Def. 2.26.

3.39 Definition (Tautological Module of Degree n): Let $n \in \mathbb{N}$ be a natural number. To
any $S$-monad $R$ we associate the tautological module of $R_n$,

$\Theta_n(R) := (R_n, R_n) \in \mathrm{LMod}_n(S, \mathbf{Set}^T_n)$ .

This construction extends to a functor $\Theta_n : S\text{-}\mathrm{Mnd} \to \mathrm{LMod}_n(S, \mathbf{Set}^T_n)$.

Let us consider the signature $S_{\mathrm{TLC}}$ of types of TLC. In the syntactically defined arities
(cf. Disp. (3.3.2)) we write terms like $1 \leadsto 2$. We now give meaning to such a term:
let $T$ be any representation of $S_{\mathrm{TLC}}$, that is, a set $T$ together with a base type $* \in T$
and a binary operation $(\leadsto) : T \times T \to T$. Intuitively, the term $1 \leadsto 2$ should associate,
to an object $(T, V, t_1, t_2)$ with a $T$-indexed family $V$ of sets and $t_1, t_2 \in T$, the element
$t_1 \leadsto t_2 \in T$. More formally, such a term is interpreted by a natural transformation (cf.
Def. 3.41) over a specific category whose objects are triples of a representation $T$ of
$S_{\mathrm{TLC}}$, a family of sets indexed by (the set) $T$ and "markers" $(t_1, t_2) \in T^2$.

We go back to considering an arbitrary signature $S$ for types. The following are the
corresponding basic categories of interest:

3.40 Definition ($S\mathcal{C}_n$): Given a category $\mathcal{C}$ — think of it as the category $\mathbf{Set}$ of sets —
we define the category $S\mathcal{C}_n$ to be the category an object of which is a triple $(T, V, t)$ where
$T$ is a representation of $S$, the object $V \in \mathcal{C}^T$ is a $T$-indexed family of objects of $\mathcal{C}$ and
$t$ is a vector of elements of $T$ of length $n$. We denote by $SU_n : S\mathcal{C}_n \to \mathbf{Set}$ the functor
mapping an object $(T, V, t)$ to the underlying set $T$.

We have a forgetful functor $S\mathcal{C}_n \to \mathcal{C}_n$ which forgets the representation structure.
On the other hand, any representation $T$ of $S$ in a set $T$ gives rise to a functor $\mathcal{C}^T_n \to S\mathcal{C}_n$,
which "attaches" the representation structure.

The meaning of a term $s \in S(n)$ as a natural transformation

$\bar{s} : 1 \Rightarrow SU_n : S\mathcal{C}_n \to \mathbf{Set}$

is now given by recursion on the structure of $s$:

3.41 Definition (Canonical Natural Transformation): Let $s \in S(n)$ be a type of degree $n$.
Then $\bar{s}$ denotes a natural transformation

$\bar{s} : 1 \Rightarrow SU_n : S\mathcal{C}_n \to \mathbf{Set}$

defined recursively on the structure of $s$ as follows: for $s = \alpha(a_1, \dots, a_k)$ the image of a
constructor $\alpha \in S$ we set

$\bar{s}(T, V, t) = \alpha(\bar{a}_1(T, V, t), \dots, \bar{a}_k(T, V, t))$

and for $s = m$ with $1 \leq m \leq n$ we define

$\bar{s}(T, V, t) = t(m)$ .

We call a natural transformation of the form $\bar{s}$ for $s \in S(n)$ canonical.
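As an added illustration, not code from the thesis or its Coq development, the following Python implements types of degree $n$ over $S_{\mathrm{TLC}}$, the canonical interpretation $\bar{s}(T, t)$ of Def. 3.41 in a representation $T$, and the unbundling of the degree-2 signature of Disp. (3.3.2) over a finite representation $T$ (so that the "$T^2$ abstractions" of the discussion above can be counted). The representations ONE and BOOL and the morphism is_arrow are constructed here for the demonstration.

```python
from itertools import product

# Types of degree n over the type signature S_TLC = { * : 0, ~> : 2 } (Def. 3.30), given as
# tuple trees whose leaves are the base type * or a de Bruijn type variable m, 1 <= m <= n.
STAR = ('*',)
def TVar(m): return ('var', m)
def Arr(a, b): return ('~>', a, b)

def degree(s):
    """Minimal degree of a type (Rem. 3.33): the largest type variable occurring in it."""
    if s[0] == 'var':
        return s[1]
    return max((degree(a) for a in s[1:]), default=0)

class Rep:
    """A representation of S_TLC in a set: a carrier with a base element and a binary operation.
    `carrier` may be None for an infinite carrier; it is only needed by `instantiate`."""
    def __init__(self, carrier, star, arrow):
        self.carrier, self.star, self.arrow = carrier, star, arrow

# Three representations (constructed here): the initial one, whose carrier is the set of closed
# types; the final one in a singleton; and a two-element one recording whether a type is an arrow.
T_TLC = Rep(None, STAR, Arr)
ONE = Rep({'.'}, '.', lambda a, b: '.')
BOOL = Rep({False, True}, False, lambda a, b: True)

def interpret(s, T, t):
    """The canonical natural transformation s-bar of Def. 3.41 evaluated at (T, t), where t is a
    vector of elements of T: variable m selects t(m), constructors go to T's operations."""
    tag = s[0]
    if tag == 'var':
        if not 1 <= s[1] <= len(t):
            raise ValueError(f"type variable {s[1]} exceeds degree {len(t)}")
        return t[s[1] - 1]
    if tag == '*':
        return T.star
    return T.arrow(interpret(s[1], T, t), interpret(s[2], T, t))

# Disp. (3.3.2) in the syntactic form of Def. 3.31: (list of (bound types, argument type), output type).
SIG_TLC = {
    'abs': ([([TVar(1)], TVar(2))], Arr(TVar(1), TVar(2))),
    'app': ([([], Arr(TVar(1), TVar(2))), ([], TVar(1))], TVar(2)),
}

def arity_degree(arity):
    """Degree of a classic arity: the maximal degree of any type mentioned in it."""
    args, cod = arity
    types = [cod] + [a for _, a in args] + [b for bound, _ in args for b in bound]
    return max(degree(ty) for ty in types)

def instantiate(sig, T):
    """Unbundle each arity of degree n into the family indexed by T^n (cf. Rem. 3.52): the result
    is a signature over the set T.carrier in the sense of Def. 3.9, as in Ex. 3.23 for T = T_TLC."""
    out = {}
    for name, (args, cod) in sig.items():
        for t in product(sorted(T.carrier, key=repr), repeat=arity_degree((args, cod))):
            out[(name, t)] = ([([interpret(b, T, t) for b in bound], interpret(a, T, t))
                               for bound, a in args], interpret(cod, T, t))
    return out

def is_natural(s, g, T, T2, t):
    """Naturality of s-bar along a morphism of representations g : T -> T2:
    g(s-bar(T, t)) must equal s-bar(T2, g o t)."""
    return g(interpret(s, T, t)) == interpret(s, T2, tuple(g(x) for x in t))

def is_arrow(ty):
    """The unique morphism of representations T_TLC -> BOOL (constructed here)."""
    return ty[0] == '~>'
```

Over the final representation ONE the signature collapses to one abs and one app, over BOOL there are $2^2$ of each, as the text predicts.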

Canonical natural transformations are used to build classic half-arities; they indicate
context extension (derivation) and selection of specific object types (fibre):

3.42 Definition (Classic Half-Arity over S): The following clauses define an inductive
set of classic half-arities, to which we restrict our attention:

• The constant functor $* : R \mapsto 1$ is a classic half-arity.

• Given any canonical natural transformation $\tau : 1 \to SU_n$ (cf. Def. 3.41), the point-
wise fibre module with respect to $\tau$ (cf. Def. 2.59) of the tautological module
$\Theta_n : R \mapsto (R_n, R_n)$ (cf. Def. 3.39) is a classic half-arity of degree $n$,

$[\Theta_n]_\tau : S\text{-}\mathrm{Mnd} \to \mathrm{LMod}_n(S, \mathbf{Set})$ , $R \mapsto (R_n, [R_n]_\tau)$ .

• Given any (classic) half-arity $M = (M_1, M_2) : S\text{-}\mathrm{Mnd} \to \mathrm{LMod}_n(S, \mathbf{Set})$ of degree
$n$ and a canonical natural transformation $\tau : 1 \to SU_n$, the point-wise derivation of
$M$ with respect to $\tau$ (cf. Def. 2.57) is a (classic) half-arity of degree $n$,

$M^\tau : S\text{-}\mathrm{Mnd} \to \mathrm{LMod}_n(S, \mathbf{Set})$ , $R \mapsto (M(R))^\tau := (M_1(R), M_2(R)^\tau)$ .

Here $(M(R))^\tau$ really means derivation of the module, i.e. derivation in the second
component of $M(R)$.

• Given two (classic) half-arities $M = (M_1, M_2)$ and $N = (N_1, N_2)$ of degree $n$, which
coincide pointwise on the first component, i.e. such that $M_1 = N_1$, their
product $M \times N$ is again a (classic) half-arity of degree $n$. Here the product is really
the pointwise product in the second component, i.e.

$M \times N : R \mapsto (M_1(R), M_2(R) \times N_2(R))$ .

3.43 Remark (Classic Half-Arity, Syntactically): We can represent a classic half-arity of
degree $n \in \mathbb{N}$ over a signature $S$ for types in a purely syntactic manner: such a half-arity
is determined by a list of the form

$[(t_1, s_1), \dots, (t_k, s_k)]$ ,

where $t_i$ are vectors of finite length of elements of $S(n)$ and $s_i \in S(n)$. Such a list
corresponds precisely to the classic half-arity

$R \mapsto [R_n]^{t_1}_{s_1} \times \dots \times [R_n]^{t_k}_{s_k}$ .

We use weighted sets as indexing sets for families of arities. The weight denotes the 
degree of the corresponding arity. 

3.44 Definition (Weighted Set): A weighted set is a set $J$ together with a map $d : J \to \mathbb{N}$.

An arity of degree $n \in \mathbb{N}$ for terms over an algebraic signature $S$ is a pair of functors
from $S$-monads to modules in $\mathrm{LMod}_n(S, \mathbf{Set})$. The degree $n$ corresponds to the number
of indices of its associated constructor. As an example, the arities of Abs and App of
Ex. 1.3 are of degree 2, cf. Ex. 3.47.
3.45 Definition (Term-Arity, Signature over S): A classic arity $a$ over $S$ of degree $n$ is a
pair

$a = (\mathrm{dom}(a), \mathrm{cod}(a))$

of half-arities over $S$ of degree $n$ such that

• $\mathrm{dom}(a)$ is classic and

• $\mathrm{cod}(a)$ is of the form $[\Theta_n]_\tau$ for some natural transformation $\tau$ as in Def. 3.42.

We write $\mathrm{dom}(a) \to \mathrm{cod}(a)$ for the arity $a$, and

$\mathrm{dom}(a, R) := \mathrm{dom}(a)(R)$

(and similarly for the codomain functor $\mathrm{cod}$). Any classic arity is thus of the form given in
Disp. (3.3.3). Given a weighted set $(J, d)$, a term-signature $\Sigma$ over $S$ indexed by $(J, d)$ is
a $J$-family $\Sigma$ of algebraic arities over $S$, the arity $\Sigma(j)$ being of degree $d(j)$ for any $j \in J$.

Finally, a typed signature is a pair of a signature for types and a signature for terms
over those types:

3.46 Definition (Typed Signature): A typed signature is a pair $(S, \Sigma)$ consisting of an
algebraic signature $S$ and a term-signature $\Sigma$ (indexed by some weighted set) over $S$.

3.47 Example (TLC, Ex. 1.3 continued): The terms of the simply typed lambda calculus
over the type signature of Ex. 3.2 are given by the arities

$\mathrm{abs} : [\Theta]_2^1 \to [\Theta]_{1 \leadsto 2}$ ,
$\mathrm{app} : [\Theta]_{1 \leadsto 2} \times [\Theta]_1 \to [\Theta]_2$ ,

both of which are of degree 2 — we use the convention of Rem. 3.33. The outer lower
index and the exponent are to be interpreted as de Bruijn variables, ranging over types.
They indicate the fibre (cf. Def. 2.59) and derivation (cf. Def. 2.57), respectively, in the
special case where the corresponding natural transformation is given by a natural number
as in Def. 3.41. In particular, contrast that to the signature for the simply-typed lambda
calculus we gave in Sect. 3.2, Ex. 3.23. The difference is that now "similar" arities which
differ only in an object type parameter are grouped together, whereas this is not the case
in Ex. 3.23.

Those two arities can in fact be considered over any algebraic signature $S$ with an
arrow constructor, in particular over the signature $S_{\mathrm{PCF}}$ (cf. Ex. 3.48).

3.48 Example (Ex. 3.8 continued): We continue considering PCF. The signature $S_{\mathrm{PCF}}$
for its types is given in Ex. 3.4. The term-signature of PCF is given in Fig. 3.1: it consists
of an arity for abstraction and an arity for application, each of degree 2, an arity (of
degree 1) for the fixed point operator, and one arity of degree 0 for each logic and
arithmetic constant — some of which we omit:

abs : $[\Theta]_2^1 \to [\Theta]_{1 \Rightarrow 2}$ ,
app : $[\Theta]_{1 \Rightarrow 2} \times [\Theta]_1 \to [\Theta]_2$ ,
Fix : $[\Theta]_{1 \Rightarrow 1} \to [\Theta]_1$ ,
$n$ : $* \to [\Theta]_\iota$ for $n \in \mathbb{N}$ ,
Succ : $* \to [\Theta]_{\iota \Rightarrow \iota}$ ,
Pred : $* \to [\Theta]_{\iota \Rightarrow \iota}$ ,
Zero? : $* \to [\Theta]_{\iota \Rightarrow o}$ ,
cond$_\iota$ : $* \to [\Theta]_{o \Rightarrow \iota \Rightarrow \iota \Rightarrow \iota}$ ,
T, F : $* \to [\Theta]_o$ .

Figure 3.1.: Term Signature of PCF



Our presentation of PCF is inspired by Hyland and Ong's [HO00], who — similarly
to Plotkin [Plo77] — consider, e.g., the successor as a constant of arrow type. As an
alternative, one might consider the successor as a constructor expecting a term of type $\iota$
as argument, yielding a term of type $\iota$. For our purpose, those two points of view are
equivalent.

3.3.2. Representations of Typed Signatures

A representation of a typed signature $(S, \Sigma)$ is given by a representation of $S$ (in a set)
and a representation of $\Sigma$ in a suitable monad:

3.49 Definition (Representation of a Signature over S): Let $(S, \Sigma)$ be a typed signature.
A representation $R$ of $(S, \Sigma)$ is given by

• an $S$-monad $P$ and

• for each arity $a$ of $\Sigma$, a morphism (in the large category of modules)

$a^R : \mathrm{dom}(a, P) \to \mathrm{cod}(a, P)$ ,

such that $\pi_1(a^R) = \mathrm{id}_P$.

In the following we also write $R$ for the $S$-monad underlying the representation $R$. Note
that the representation of $S$ is "hidden" in the $S$-monad $P$.
A morphism of representations accordingly consists of a morphism of representations of
$S$ together with a morphism of representations of $\Sigma$, that is, a monad morphism that is
compatible with the term representations:

3.50 Definition (Morphism of Representations): Given representations $P$ and $R$ of a
typed signature $(S, \Sigma)$, a morphism of representations $f : P \to R$ is given by a morphism
of $S$-monads $f : P \to R$, such that, for any arity $a$ of $\Sigma$, the following diagram of module
morphisms commutes:

$$\begin{array}{ccc} \mathrm{dom}(a, P) & \xrightarrow{\;a^P\;} & \mathrm{cod}(a, P) \\ {\scriptstyle \mathrm{dom}(a, f)} \downarrow & & \downarrow {\scriptstyle \mathrm{cod}(a, f)} \\ \mathrm{dom}(a, R) & \xrightarrow{\;a^R\;} & \mathrm{cod}(a, R) \end{array}$$

Again the morphism of representations of $S$ is "hidden" in the morphism of $S$-monads.

3.51 Remark: Taking a 2-categoric perspective, the above diagram can be read as an
equality of 2-cells

$cf \circ a^P = f^*a^R \circ df : \mathrm{dom}(a, P) \Rightarrow f^*\mathrm{cod}(a, R)$ ,

where we write $df$ and $cf$ instead of $\mathrm{dom}(a, f)$ and $\mathrm{cod}(a, f)$, respectively.

The diagram of Def. 3.50 lives in the category $\mathrm{LMod}_n(S, \mathbf{Set})$ — where $n$ is the degree
of $a$ — where objects are pairs $(P, M)$ of an $S$-monad $P$ of $S\text{-}\mathrm{Mnd}_n$ and a module $M$ over
$P$. The above 2-cells are morphisms in the category $\mathrm{Mod}(P_n, \mathbf{Set})$, obtained by taking
the second projection of the diagram of Def. 3.50. Note that for easier reading, we leave
out the projection function and thus write $\mathrm{dom}(a, P)$ for the $P_n$-module of $\mathrm{dom}(a, P)$,
i.e. for its second component, and similar elsewhere.

Representations of $(S, \Sigma)$ and their morphisms form a category.

3.52 Remark: We obtain Zsidó's category of representations [Zsi10, Chap. 6] by re-
stricting ourselves to representations of $(S, \Sigma)$ whose type representation is the initial
one. More precisely, a signature $(S, \Sigma)$ maps to a signature, say, $Z(S, \Sigma)$ over the initial
set of sorts $\hat S$ in the sense of Zsidó (cf. Sect. 3.2 and [Zsi10, Chap. 6]), obtained by
unbundling each arity of higher degree into a family of arities of degree 0. For instance,
the signature of Ex. 3.47 maps to the signature given in Ex. 3.23. Representations of
this latter signature in the sense of Sect. 3.2 then are in one-to-one correspondence to
representations in the sense of this section of the signature of Ex. 3.47 over the initial
representation $\hat S$ of sorts, via the equivalence explained in Rem. 3.37.

3.3.3. Initiality 

We have all the ingredients to state and prove an initiality theorem for typed signatures: 

3.53 Theorem: For any typed signature $(S, \Sigma)$, the category of representations of $(S, \Sigma)$
has an initial object.

Proof. The proof consists of the following steps:

1. find the initial representation $\hat S$ of the type signature $S$;

2. define the monad $\hat\Sigma$ of terms specified by $\Sigma$ on the category $\mathbf{Set}^{\hat S}$;

3. equip the $S$-monad $\hat\Sigma$ with a representation structure of $\Sigma$, yielding a representation
$\hat\Sigma$ of $(S, \Sigma)$;

4. for any representation $R$ of $(S, \Sigma)$, give a morphism of representations $i_R : \hat\Sigma \to R$;

5. prove uniqueness of $i_R$.

We go through these points:

1. We have already established (cf. Lem. 3.7) that there is an initial representation of
sorts, which we call $\hat S$. Its underlying set is called $\hat S$ as well.

2. The term monad we associate to $(S, \Sigma)$ is the same as Zsidó's [Zsi10, Chap. 6]
in the sense of Rem. 3.52, i.e. it is the term monad associated to $Z(S, \Sigma)$. The
construction of this monad in a set-theoretic setting is described in Zsidó's thesis.
We will give its definition in a type-theoretic setting.

In the following the natural transformations $\tau_i$ are in fact vectors of multiple
transformations like those in Rem. 2.30 (see also Def. 2.57), iterated by successive
composition. Furthermore we make use of the simplified notation as introduced in
Not. 2.31.

We construct the monad which underlies the initial representation of $(S, \Sigma)$,

$\hat\Sigma : \mathbf{Set}^{\hat S} \to \mathbf{Set}^{\hat S}$ .

It associates to any set family of variables $V \in \mathbf{Set}^{\hat S}$ an inductive set of terms with
the following constructors:

• for every classic arity (of degree $n$)

$\alpha = [\Theta_n]^{\tau_1}_{\sigma_1} \times \dots \times [\Theta_n]^{\tau_k}_{\sigma_k} \to [\Theta_n]_{\sigma}$ (3.3.5)

we have a family of constructors indexed $n$ times by $t = (t_1, \dots, t_n)$ as well as
by the context $V \in \mathbf{Set}^{\hat S}$:

$\alpha_t(V) : \hat\Sigma^{\tau_1(V, t)}(V)_{\sigma_1(V, t)} \times \dots \times \hat\Sigma^{\tau_k(V, t)}(V)_{\sigma_k(V, t)} \to \hat\Sigma(V)_{\sigma(V, t)}$

• a family of constructors

$\mathrm{Var}(V)_t : V_t \to \hat\Sigma(V)_t$

indexed by contexts and the set $\hat S$ of sorts.

The monadic structure is, accordingly, defined in the same way as in [Zsi10], by
variables-as-terms — using the constructor Var — and flattening.

3. The representation structure on the monad $\hat\Sigma$ is defined by currying, and corre-
sponds to Zsidó's: given an arity $\alpha$ of degree $n$ in $\Sigma$, we must specify a module
morphism

$\alpha^{\hat\Sigma} : \mathrm{dom}(\alpha, \hat\Sigma) \to \mathrm{cod}(\alpha, \hat\Sigma)$ ,

where $\mathrm{dom}(\alpha, \hat\Sigma)$ and $\mathrm{cod}(\alpha, \hat\Sigma)$ are modules in $\mathrm{Mod}(\hat\Sigma_n, \mathbf{Set})$. We define

$\alpha^{\hat\Sigma}(V, t)(a) := \alpha_t(V)(a)$ ,

that is, the image under the constructor $\alpha$ from the definition of the monad $\hat\Sigma$. This
yields a morphism of modules $\alpha^{\hat\Sigma}$ of degree $n$; note that according to Rem. 3.37 it
would be equivalent to specify a family $\alpha^{\hat\Sigma}_t$ of module morphisms of suitable type,
indexed by $t$, which is actually done by Zsidó.

4. Given any other representation $R$ over a set of sorts $T$, initiality of $\hat S$ gives a
"translation of sorts" $g : \hat S \to T$.

The morphism $i : \hat\Sigma \to R$ on terms is defined by structural recursion. Unfolding the
definition of colax monad morphism, we need to define, for any context $V \in \mathbf{Set}^{\hat S}$,
a map of type

$i_V : \forall t' \in T,\ g(\hat\Sigma(V))_{t'} \to R(gV)_{t'}$ .

Via the adjunction of Def. 2.22 we equivalently define a map $i$ as a family

$i_V : \forall t \in \hat S,\ \hat\Sigma(V)_t \to R(gV)_{g(t)}$ .

Let $a \in \hat\Sigma(V)_t$ be a term. In case $a = \mathrm{Var}(V)_t(v)$ is the image of a variable $v \in V_t$,
we map it to

$i_V(\mathrm{Var}(V)_t(v)) := \eta^R(gV)(g(t))(\mathrm{ctype}(v))$ .

Otherwise the term $a = \alpha_t(V)(a_1, \dots, a_k) \in \hat\Sigma(V)_{\sigma(V, t)}$ is mapped to

$i_V(\alpha_t(V)(a_1, \dots, a_k)) := \alpha^R(g(n)(V, t))(i(a_1), \dots, i(a_k))$ . (3.3.6)

This map is well-typed: note that $g(n)(V, t) = (gV, g^*(t))$ by definition (Def. 2.28)
and $g(n)((V, t)^\tau) = (gV, g^*(t))^\tau$, i.e. context extension and retyping permute.

The axioms of monad morphisms, i.e. compatibility of this map with respect
to variables-as-terms and flattening, are easily checked: the former is a direct
consequence of the definition of $i$ on variables, and the latter is proved by structural
induction. This definition yields a morphism of representations; consider the
arity $\alpha$ of $\Sigma$. For this arity the commutative diagram of Def. 3.50 informally
reads as follows: one starts in the upper-left corner with a tuple of terms, say,
$(a_1, \dots, a_k)$ of $\hat\Sigma$. Taking the upper-right path corresponds to the translation of
the image of this tuple under the map $\alpha^{\hat\Sigma}$, i.e. under the constructor $\alpha$ of $\hat\Sigma$.
The lower-left path corresponds to the image under the module morphism $\alpha^R$
of the translated tuple $(i(a_1), \dots, i(a_k))$. The diagram thus precisely states the
equality of Disp. (3.3.6). We thus establish that $i$ is (the carrier of) a morphism of
representations $(g, i) : (\hat S, \hat\Sigma) \to R$.

5. Uniqueness of the morphism $i : (\hat S, \hat\Sigma) \to R$ is proved making use of the commu-
tative diagram of Def. 3.50. Suppose that $(g', i') : (\hat S, \hat\Sigma) \to R$ is a morphism of
representations. We already know that $g = g'$ by initiality of $\hat S$.

By structural induction on the terms of $\hat\Sigma$ we prove that $i = i'$: using the same
notation as above, for $a = \alpha_t(V)(a_1, \dots, a_k)$ we have

$i'(a) = \alpha^R(i'(a_1), \dots, i'(a_k)) = \alpha^R(i(a_1), \dots, i(a_k)) = i(a)$ ,

where the middle equality holds by the induction hypothesis. In case $a = \mathrm{Var}(v)$ is a
variable, considered as a term, the fact that both $i$ and $i'$ are monad morphisms ensures
that $i(\mathrm{Var}(v)) = i'(\mathrm{Var}(v)) = \eta^R_{gV}(\mathrm{ctype}(v))$. Thus we have proved $i = i'$.

□

The proof shows that the initial morphism to a representation $R$ depends on the represen-
tation structure on $R$ and not just on the monad $R$ itself. We illustrate this on the example
of the typed signature of PCF:

3.54 Example: Representing the signature of PCF in the untyped lambda calculus leaves
one with several choices to take, e.g., as to how to translate the fixed point operator Fix.
To represent Fix in ULC, one must give a unary operation on ULC. Reasonable from the
semantic viewpoint are, e.g., the representations

$x \mapsto \mathrm{App}(Y, x)$ or $x \mapsto \mathrm{App}(\Theta, x)$ , (3.3.7)

using, e.g., one of the fixedpoint combinators

$Y := \lambda f.(\lambda x.f(xx))(\lambda x.f(xx))$ (Curry)

$\Theta := (\lambda x.\lambda y.(y(xxy)))(\lambda x.\lambda y.(y(xxy)))$ (Turing).

By initiality those two representations yield two different compilations of PCF to ULC,
mapping a PCF term of the form $\mathrm{Fix}(f)$ to $Y(f) = \mathrm{App}(Y, f)$ and $\Theta(f) = \mathrm{App}(\Theta, f)$,
respectively. The representation module morphisms thus constitute the "extra structure"
$\phi$, $\psi$ and $\psi'$ mentioned in Sect. 1.1. A complete translation is given in Chapt. 9.

3.4. Logics and Logic Translations 

In the style of the Curry-Howard isomorphism, we consider propositions as types and 
proofs of a proposition as terms of that type. In this example we present the typed 
signatures of two different logics, 

• Classical propositional logic, called CPC, and 

• Intuitionistic propositional logic, called IPC. 

According to our main theorem each of those signatures gives rise to an initial repre- 
sentation, a logical type system. We then use the iteration principle on CPC in order to 
specify a translation of propositions and their proofs from CPC to IPC. The translation we 
specify is actually the propositional fragment of the Gödel-Gentzen negative translation 
[TvD88, Def. 3.4]. 

3.4.1. Signatures of Classical and Intuitionistic Logic 

We present typed signatures for classical and intuitionistic propositional logic. Their 
respective signatures for types — propositions — are the same: let P denote a set of 
atomic formulas. The types — propositions — of classical (CPC) and intuitionistic (IPC) 
propositional logic are given by the following algebraic signature: 

\mathcal{P} := \{\, p : 0,\ \top : 0,\ \wedge : 2,\ \bot : 0,\ \vee : 2,\ \Rightarrow : 2 \,\} . 

where for any atomic formula p ∈ P we have an arity p : 0. We call 𝒫 the initial 
representation as well as its underlying set, i.e. the propositions of CPC and IPC. For the 
set we use infixed binary constructors. Note that negation is defined as ¬A = A ⇒ ⊥. 

3.4.1.1. Signature of CPC 

For the terms of CPC, each inference rule is given by an arity. In Fig. 3.2 (p. 82), the 
inference rules and their corresponding arities are presented. Each inference rule 
corresponds to a (family of) term — proof — constructor(s), where inference rules 
without hypotheses are constants. Note that the initial representation automatically 
comes with an additional inference rule 

\frac{}{\Gamma, A \vdash A}\ \mathrm{var} 

corresponding to the monadic operation η, i.e. to the variables-as-terms constructor. 
Analogously to Rem. 3.24, it is not necessary, using our approach, to specify this inference 
rule explicitly by an arity in the term signature of the logic under consideration; any logic 
we specify via a typed signature automatically comes with this rule. 

3.4.1.2. Signature of IPC 

The type signature and thus the formulas of intuitionistic propositional logic IPC are 
the same as for CPC. However, the term signature is missing the arity EM for excluded 
middle. 



3.4.2. Translation via Initiality 

The translation of propositions (_)^g : 𝒫 → 𝒫, i.e. on the type level, is specified by a 
representation g of the algebraic signature 𝒫 in the set 𝒫. According to Def. 3.3 we 
must specify, for any arity s : n ∈ ℕ of 𝒫, a map towards 𝒫 taking a suitable number of 
arguments in 𝒫, 



There is, of course, a canonical such map for each arity — but this would only give us 
the identity morphism on 𝒫. We represent 𝒫 in 𝒫 not by this identity representation, 
but in such a way that we obtain the Gödel-Gentzen negative translation: 

p^g := \neg\neg p \ ;\quad \bot^g := \bot \ ;\quad \wedge^g := \wedge \ ,\quad \vee^g := (A, B) \mapsto \neg(\neg A \wedge \neg B) \ , 

The proofs of IPC are given by the signature of CPC without the classical axiom EM. We 
represent EM in IPC by giving, for any proposition A, a term of type ¬(¬¬A ∧ ¬A), e.g., 

\dfrac{ 
  \dfrac{ 
    \dfrac{\dfrac{}{\neg\neg A \wedge \neg A \vdash \neg\neg A \wedge \neg A}\ \mathrm{var}}{\neg\neg A \wedge \neg A \vdash \neg\neg A}\ \wedge_{E1} 
    \qquad 
    \dfrac{\dfrac{}{\neg\neg A \wedge \neg A \vdash \neg\neg A \wedge \neg A}\ \mathrm{var}}{\neg\neg A \wedge \neg A \vdash \neg A}\ \wedge_{E2} 
  }{\neg\neg A \wedge \neg A \vdash \bot}\ \Rightarrow_E 
}{\vdash \neg\neg A \wedge \neg A \Rightarrow \bot}\ \Rightarrow_I 

As another example, we give a representation of ∨I1, that is, for any propositions A and B, 
we give a term of type A^g → ¬(¬A^g ∧ ¬B^g): 

\dfrac{ 
  \dfrac{A^g \vdash \neg\neg A^g}{A^g \vdash \neg\neg A^g \vee \neg\neg B^g}\ \vee_{I1} 
}{A^g \vdash \neg(\neg A^g \wedge \neg B^g)}\ \text{De Morgan} 

Here the proof of A^g ⇒ ¬¬A^g and of the used De Morgan law are abbreviations for longer 
proofs in IPC. We leave it up to the reader to find representations in IPC for the other 
arities. 
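The type-level translation of Sect. 3.4.2, specified as a representation of the signature 𝒫 in the set 𝒫 and extended to all propositions by the iteration principle, as an added Python example (it is not code from the thesis or its Coq library). The ⊤ and ⇒ clauses, which the display above does not show, are taken from the standard Gödel-Gentzen definition and are an assumption here; all function names are the example's own.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, Tuple, Union

# Propositions, i.e. the initial representation of the algebraic signature
#   { p : 0 (for p in P), ⊤ : 0, ∧ : 2, ⊥ : 0, ∨ : 2, ⇒ : 2 }
# of Sect. 3.4.1, built as plain recursive data.
@dataclass(frozen=True)
class Atom:
    name: str                        # an atomic formula p ∈ P

@dataclass(frozen=True)
class Op:
    sym: str                         # one of the constructor symbols in ARITY
    args: Tuple["Prop", ...] = ()    # exactly ARITY[sym] sub-propositions

Prop = Union[Atom, Op]
ARITY: Dict[str, int] = {"⊤": 0, "⊥": 0, "∧": 2, "∨": 2, "⇒": 2}

def top() -> Prop: return Op("⊤")
def bot() -> Prop: return Op("⊥")
def conj(a: Prop, b: Prop) -> Prop: return Op("∧", (a, b))
def disj(a: Prop, b: Prop) -> Prop: return Op("∨", (a, b))
def impl(a: Prop, b: Prop) -> Prop: return Op("⇒", (a, b))
def neg(a: Prop) -> Prop: return impl(a, bot())     # ¬A := A ⇒ ⊥, as in the text

# A representation of the signature in the set Prop (Def. 3.3): one map Prop^n -> Prop
# for every arity s : n, plus the image of each atom.
Representation = Dict[str, Callable[..., Prop]]

def iterate(rep: Representation, atoms: Callable[[str], Prop], a: Prop) -> Prop:
    """The unique map out of the initial representation (iteration principle):
    translate the arguments first, then apply the map representing the constructor."""
    if isinstance(a, Atom):
        return atoms(a.name)
    if len(a.args) != ARITY[a.sym]:
        raise ValueError(f"{a.sym} takes {ARITY[a.sym]} arguments, got {len(a.args)}")
    return rep[a.sym](*(iterate(rep, atoms, b) for b in a.args))

# The canonical representation: every constructor by itself. By initiality the induced
# translation is the identity on Prop.
IDENTITY: Representation = {"⊤": top, "⊥": bot, "∧": conj, "∨": disj, "⇒": impl}

# The Gödel-Gentzen representation: p^g := ¬¬p, ∧^g := ∧, ∨^g := (A, B) ↦ ¬(¬A ∧ ¬B),
# ⊥^g := ⊥, and (assumed from the standard definition) ⊤^g := ⊤, ⇒^g := ⇒.
GOEDEL_GENTZEN: Representation = {
    "⊤": top,
    "⊥": bot,
    "∧": conj,
    "∨": lambda a, b: neg(conj(neg(a), neg(b))),
    "⇒": impl,
}

def negative_translation(a: Prop) -> Prop:
    """(_)^g : Prop -> Prop, the propositional Gödel-Gentzen negative translation."""
    return iterate(GOEDEL_GENTZEN, lambda p: neg(neg(Atom(p))), a)

def identity_translation(a: Prop) -> Prop:
    return iterate(IDENTITY, Atom, a)

def excluded_middle(a: Prop) -> Prop:
    """The proposition ¬A ∨ A proved by the CPC constant EM."""
    return disj(neg(a), a)
```

For EM the translation yields ¬(¬¬A^g ∧ ¬A^g), which is exactly the type of the IPC proof term given above for representing EM.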



3.4.3. Remarks 

This representation of the signature of CPC in IPC yields the (propositional fragment of 
the) Gödel-Gentzen translation of propositions specified in Troelstra and van Dalen's 
book [TvD88, Def. 3.4], denoted on propositions with the same name as its specifying 
representation, 

(\_)^g : \mathcal{P} \to \mathcal{P} . 

Our translation of terms shows that any provable proposition in CPC translates to a 
provable proposition in IPC, since we provide the corresponding proof term via our 
translation: 

\Gamma \vdash_C A \quad\text{implies}\quad \Gamma^g \vdash_I A^g . 

However, a logic translation t from a logic L to another logic L' should certainly satisfy 
an equivalence of the form 

\Gamma \vdash_L A \quad\text{if and only if}\quad \Gamma^t \vdash_{L'} A^t . 

Our framework does not ensure the implication from right to left, and is thus deficient 
from the point of view of logic translations. 

Another important property of logics is normalization through cut elimination. This 
aspect can be treated using the techniques presented in Chapt. 5, where we integrate 
reduction rules into the notion of signature and their representations as presented in this 
chapter. 
Inference Rule | Arity 
-------------- | ----- 
\frac{}{\Gamma \vdash \top}\ \top_I | \top_I : * \to [\Theta]_\top 
\frac{\Gamma \vdash \bot}{\Gamma \vdash A}\ \bot_E | \bot_E : [\Theta]_\bot \to [\Theta]_1 
\frac{\Gamma \vdash A \quad \Gamma \vdash B}{\Gamma \vdash A \wedge B}\ \wedge_I | \wedge_I : [\Theta]_1 \times [\Theta]_2 \to [\Theta]_{1 \wedge 2} 
\frac{\Gamma \vdash A \wedge B}{\Gamma \vdash A}\ \wedge_{E1} | \wedge_{E1} : [\Theta]_{1 \wedge 2} \to [\Theta]_1 
\frac{\Gamma \vdash A \wedge B}{\Gamma \vdash B}\ \wedge_{E2} | \wedge_{E2} : [\Theta]_{1 \wedge 2} \to [\Theta]_2 
\frac{\Gamma, A \vdash B}{\Gamma \vdash A \Rightarrow B}\ \Rightarrow_I | \Rightarrow_I : [\Theta]^1_2 \to [\Theta]_{1 \Rightarrow 2} 
\frac{\Gamma \vdash A \Rightarrow B \quad \Gamma \vdash A}{\Gamma \vdash B}\ \Rightarrow_E | \Rightarrow_E : [\Theta]_{1 \Rightarrow 2} \times [\Theta]_1 \to [\Theta]_2 
\frac{\Gamma \vdash A}{\Gamma \vdash A \vee B}\ \vee_{I1} | \vee_{I1} : [\Theta]_1 \to [\Theta]_{1 \vee 2} 
\frac{\Gamma \vdash B}{\Gamma \vdash A \vee B}\ \vee_{I2} | \vee_{I2} : [\Theta]_2 \to [\Theta]_{1 \vee 2} 
\frac{\Gamma \vdash A \vee B \quad \Gamma, A \vdash C \quad \Gamma, B \vdash C}{\Gamma \vdash C}\ \vee_E | \vee_E : [\Theta]_{1 \vee 2} \times [\Theta]^1_3 \times [\Theta]^2_3 \to [\Theta]_3 
\frac{}{\Gamma \vdash \neg A \vee A}\ \mathrm{EM} | \mathrm{EM} : * \to [\Theta]_{\neg 1 \vee 1} 

Figure 3.2.: Inference Rules of CPC and their Arities 
We now would like to consider not just the terms (and types) of a language, but also reduc- 
tions on the terms. As an example, suppose we would like to equip the untyped lambda 
calculus with the reduction relation generated by the beta rule given in Disp. (A.2.1). We 
could produce the syntax associated to the signature via the universal property explained 
in the preceding section — possibly in a computer implementation thereof — and define 
a suitable relation on the terms of the language a posteriori. 

However, in this way we would not have any guarantee concerning compatibility of 
substitution with respect to this reduction relation. Furthermore, how could we ensure 
any compatibility of a translation from the initial representation to another term language, 
equipped with some reduction rules, specified via the iteration principle? There would 
not be any systematic way of doing so, we would need to check manually for each 
translation we consider. 

The solution to this problem is to integrate reduction rules into signatures and the 
models of those signatures. Indeed, instead of considering reduction rules for just the 
initial representation of a signature, say, S, we define inequations over S, which specify 
rules for each representation of S. However, not all of the representations of S satisfy 
those rules; we define a "satisfaction" predicate on the representations of S, to pick out 
the representations that satisfy those rules. 

In order to define the satisfaction predicate, we need to consider representations whose 
codomain (read: the codomain of the underlying monad) is not the category of plain 
sets, but of sets with a structure suitable to express relations between its elements. The 
following monadic models come to mind: 

• Σ̂_M : Set → Set — Terms modulo relations by quotienting 

We reject the idea of quotienting by the congruence relation generated by a set of 
inequations on the grounds that we want to avoid adding a symmetry rule and thus 
lose the information of direction of a reduction. 

• Σ̂_M : Pre → Pre — Monads on preordered sets 

While the use of monads on preordered sets allows to retain directions of reductions, 
it would necessitate to consider preordered contexts. However, contexts usually are 
given by unstructured sets of variables. 

• Σ̂_M : Set → Pre — Relative monads from sets to preordered sets 

Relative monads from sets to preorders avoid the problems one encounters with 
the aforementioned approaches. As shown in Sect. 2.4.1, the mediating functor to 
use is the functor Δ : Set → Pre. 

Before going into more detail concerning the models of signatures with inequations, we 
have a closer look at those signatures themselves. Signatures should carry information 
about 

Syntax: the terms, optionally typed over a set of sorts, and 
Semantics: reductions on the terms. 

Accordingly, we introduce a notion of 2-signature. A 2-signature (Σ,A) consists of a 
(higher-order) signature Σ — which we also call 1-signature from now on, to emphasize 
the existence of a second level, the semantic level — which specifies the terms of a 
language, as well as a set A of inequations over Σ. Each inequation of A specifies a 
reduction rule. 

We borrow the terms "1-signature" and "2-signature" from T. Hirschowitz [Hir] : they 
are motivated by the point of view of Categorical Semantics. There, types and terms 
of a language are modelled as the objects and morphisms of a category. Furthermore, 
reductions between terms may be modelled through 2-cells. In this way, a 1-signature 
specifies a 1-category whereas a 2-signature specifies a 2-category. 

As the 1-signature which underlies a 2-signature, we may choose any of the notions 
of signature defined in the preceding chapters (cf. Defs. 3.18, 3.46). For this chapter, 
however, we restrict ourselves to untyped syntax with reductions, allowing us to employ 
a simple notion of 1-signature. The next chapter integrates reductions and types. 

While we present 1-signatures from two perspectives, a syntactic one and a semantic 
one, we only present inequations semantically. We refer to Sect. 10.2 for thoughts about 
the syntactic aspect. 

4.1. 1-Signatures 

We start out by defining 1-signatures in two different ways, once syntactically, and once 
in terms of pairs of functors between suitable categories. 

The syntactic description of arities is actually the same as in Sect. 3.2, even simpler: 
since we only consider untyped syntax, we just need to specify the number of arguments 
of a constructor, and, for each argument, the number of variables bound in it: 

4.1 Definition (Classic Arity Signature): A classic arity is given by a list of natural 
numbers. The length of the list indicates the number of arguments of its associated 
constructor, whereas the i-th component of the list specifies the number of variables 
bound in the i-th argument. A classic signature is given by a family of arities. 
4.2 Example (Untyped Lambda Calculus): The signature of the untyped lambda calculus 
is given by 

\Sigma_{ULC} := \{\, \mathrm{app} : [0, 0] \ ,\ \mathrm{abs} : [1] \,\} . 

For the semantic definition of arities, we define a suitable category of monads and a 
large category of modules. As discussed at the beginning of the chapter, we use relative 
monads and modules over relative monads. 

We start by giving a simplified version of the definition of morphism of relative monads, 
to which we restrict ourselves throughout this chapter. It is obtained from Def. 2.87 by 
restricting the vertical functors G and G' to the identity functor. Furthermore we will 
have F = F', and the natural transformation N is the identity transformation. Given 
two relative monads P and Q on F : 𝒞 → 𝒟, a (simple) morphism of relative monads is a 
family of morphisms t_c ∈ 𝒟(Pc, Qc) that is compatible with the monadic structure: 

4.3 Definition (Morphism of Relative Monads): Given two relative monads P and Q 
from 𝒞 to 𝒟 on the functor F : 𝒞 → 𝒟, a morphism of monads from P to Q is given by a 
collection of morphisms t_c ∈ 𝒟(Pc, Qc) such that the following diagrams commute for 
all suitable morphisms f : 




As a consequence from these commutativity properties the family t is a natural transfor- 
mation between the functors induced by the monads P and Q (cf. Rem. 2.80). 

4.4 Definition (Category of Relative Monads on F): Given a functor F : 𝒞 → 𝒟, we 
define the category RMon(F) to be the category whose objects are relative monads on F. 
A morphism from P to Q in RMon(F) is a morphism as in Def. 4.3. 

There is an adjunction between relative monads on A and monads on sets: 

4.5 Lemma (Adjunction between Mon(Set) and RMon(Δ)): The functors (with object 
functions) defined in Lem. 2.83 give rise to an adjunction 

\Delta_* : \mathbf{Mon}(\mathbf{Set}) \rightleftarrows \mathbf{RMon}(\Delta) : U^* , \qquad \Delta_* \dashv U^* . 

Proof. The isomorphism ψ_{P,Q} : RMon(Δ)(Δ_*P, Q) ≅ Mon(Set)(P, U^*Q) is defined by 
applying the adjunction of Lem. 2.18 in each morphism of the family underlying a 
morphism of (relative) monads. Commuting diagrams are not modified by applying this 
adjunction. Naturality of ψ is trivial. □ 

4.6 Definition (Large Category of Modules): Given a functor F : 𝒞 → 𝒟 and a category 
ℰ, we define the category LRMod(F, ℰ) to be the category whose objects are pairs (P, M) 
of a relative monad P ∈ RMon(F) and a relative P-module M with codomain ℰ. A 
morphism to another such (Q, N) is a pair (h, f) of a morphism h : P → Q in RMon(F) 
and a morphism of P-modules f : M → h^*N to the pullback of N along h (cf. Sect. 2.4.2). 

For any monad P on F there is the injection functor 

I_P : \mathbf{RMod}(P, \mathcal{E}) \to \mathbf{LRMod}(F, \mathcal{E}) , \qquad f \mapsto (\mathrm{id}, f) . 

A half-arity associates a P-module towards the category Pre of preorders to any 
relative monad P on Δ: 

4.7 Definition (Half-Arity): A half-arity a is a functor 

a : \mathbf{RMon}(\Delta) \to \mathbf{LRMod}(\Delta, \mathbf{Pre}) 
that is pre-inverse to the forgetful functor. 

Similarly to the preceding sections we restrict our attention to classic half-arities: 

4.8 Definition (Classic Half-Arity): The following clauses define the inductive set of 
classic half-arities: 

• Θ : P ↦ (P, P), the tautological module, is classic; 

• if M is classic, so is its derivation M' : P ↦ (P, M(P)'); 

• if M and N are classic, so is their product M × N : P ↦ (P, M(P) × N(P)); 

• the constant half-arity * : P ↦ 1 is classic. 

Classic half-arities as defined in Def. 4.8 are in one-to-one correspondence to classic 
arities as defined in Def. 4.1: 

4.9 Remark: We use the notation defined in Not. 2.103. More generally, given a list of 
natural numbers s = [n_1, …, n_m], we write M^s := M^{n_1} × M^{n_2} × … × M^{n_m}. 

The same notation is used for morphisms, i.e. given a morphism of P-modules f : 
M → N, we write 

f^s := f^{n_1} \times \dots \times f^{n_m} : M^s \to N^s . 

Thus any list of natural numbers specifies uniquely a classic half-arity, the empty list 
denoting the terminal module * : R ↦ 1. 
4.10 Definition (Arity): An arity s is a pair s = (dom(s), cod(s)) of half-arities 

\mathrm{dom}(s), \mathrm{cod}(s) : \mathbf{RMon}(\Delta) \to \mathbf{LRMod}(\Delta, \mathbf{Set}) . 
We write s = dom(s) → cod(s), and dom(s, P) := dom(s)(P) (and similarly for cod). 

4.11 Definition (Classic Arity, 1-Signature): A classic arity is an arity of the form 

\mathrm{dom}(s) \to \Theta 

such that dom(s) is a classic half-arity. Any classic arity as in Def. 4.1 uniquely specifies 
a classic arity by specifying its domain according to Rem. 4.9. A 1-signature is a family of 
classic arities, or, equivalently according to Rem. 4.9, a family of lists of natural numbers. 

4.12 Example (Untyped Lambda Calculus): The 1-signature Σ_ULC of the untyped 
lambda calculus, already given syntactically in Ex. 4.2, is given by the two arities 

\mathrm{app} := \Theta \times \Theta \to \Theta \ , \qquad \mathrm{abs} := \Theta' \to \Theta . 

4.2. Representations of 1-Signatures 

A representation of a classic arity s in a monad P is a module morphism dom(s, P) → P. 
More generally: 

4.13 Definition (Representation of an Arity): A representation of an arity s = dom(s) → 
cod(s) in a monad P on Δ is a morphism M of P-modules 

M : \mathrm{dom}(s, P) \to \mathrm{cod}(s, P) 

in the category LRMod(Δ, Set), such that π_1(M) = id. By abuse of notation, we also 
denote by M the second projection of M, i.e. we consider M ∈ RMod(P, Set). 

A representation of a signature is given by a relative monad on Δ and a representation 
of each arity in this monad: 

4.14 Definition (Representation of a 1-Signature): A representation R of a signature Σ is 
given by 

• a monad P on Δ and 

• a representation s^R : dom(s, P) → cod(s, P) of each arity s ∈ Σ in P as in Def. 4.13. 
Given a representation R, we denote its underlying monad by R as well. 
For any signature Σ as in Def. 4.11, we have representations of Σ in monads on Set 
(cf. Def. 3.25) and in relative monads on Δ (cf. Def. 4.14). The following definition links 
those representations: 

4.15 Definition (Reps. in Relative Monads and Monads): To any representation of 
a classic signature Σ in a relative monad R as defined in Def. 4.14 we associate a 
representation of Σ in the monad U^*R (cf. Lem. 4.5) according to the definition of 
representation of Def. 3.25, by postcomposing with the forgetful functor from preorders 
to sets. 

Conversely, to any representation of Σ in a monad Q over sets we associate a represen- 
tation of Σ in the relative monad Δ_*Q over Δ, by postcomposing with Δ. More precisely, 
given an arity s = [s_1, …, s_n] ∈ Σ and a representation of s in Q, say, 

s^Q : Q^s \to Q , 

with Q^s := Q^{s_1} × … × Q^{s_n}, we have to give a morphism of modules 

\Delta_* Q^{s_1} \times \dots \times \Delta_* Q^{s_n} \to \Delta_* Q , 

that is, a family of monotone morphisms in the category Pre. However, the domain 
module is isomorphic to Δ_*Q^s, hence postcomposing the map s^Q with Δ does the job, 

\Delta_* s^Q : \Delta_* Q^s \to \Delta_* Q , 

and Δ_*s^Q obviously has the necessary commutation property with respect to substitution. 

4.16 Example (Ex. 4.12 continued): A representation P of Σ_ULC is given by 

• a monad P : Set → Pre and 

• two morphisms of P-modules in RMod(P, Pre), 

\mathrm{app} : P \times P \to P \qquad\text{and}\qquad \mathrm{abs} : P' \to P . 

Morphisms of representations are monad morphisms which commute with the represen- 
tation morphisms of modules: 

4.17 Definition (Morphism of Representations): Let P and Q be representations of a 
classic signature Σ. A morphism of representations f : P → Q is a morphism of monads 
f : P → Q such that the following diagram commutes for any arity s ∈ Σ: 

dom(s,P) ----s^P----> P 
    |                 | 
dom(s,f)              f 
    v                 v 
dom(s,Q) ----s^Q----> Q . 
The meaning of those diagrams might become clearer when we consider the example of 
the untyped lambda calculus. In line with the abuse of notation mentioned in Def. 4.13, 
we omit the first component of objects and morphisms in LRMod(Δ, Set): 

4.18 Example (Ex. 4.16 continued): Let P and R be two representations of Σ_ULC. A 
morphism from P to R is given by a morphism of monads f : P → R such that the 
following diagrams of P-module morphisms commute: 

P × P --------app^P--------> P            P' --------abs^P--------> P 
  |                          |             |                        | 
f × f                        f             f'                       f 
  v                          v             v                        v 
f^*(R × R) --f^*(app^R)--> f^*R           f^*(R') --f^*(abs^R)--> f^*R 

To make sense of these diagrams it is necessary to recall the constructions on modules of 
Sect. 2.4.2. The diagrams live in the category RMod(P, Pre). The vertices are obtained 
from the tautological modules P resp. R over the monads P resp. R by applying 
the pullback (for R) and derivation functors as well as by the use of the product in the 
category of P-modules into Pre. The vertical morphisms are module morphisms induced 
by f, to which — on the left-hand side — functoriality of derivation and products are 
applied. Furthermore instances of Lem. 2.106 and 2.107 are hidden in the lower left 
corner. The lower horizontal morphism makes use of the functoriality of the pullback 
operation. 

4.19 Definition (Category of Representations): Representations of Σ and their mor- 
phisms form a category Rep_Δ(Σ). 

4.20 Lemma (Adj. between Reps. in Rel. Monads and Reps. in Monads): The assignment 
of Def. 4.15 extends to an adjunction between the category of representations in relative 
monads on Δ and the category of representations in monads on sets (cf. Def. 3.27): 

\Delta_* : \mathbf{Rep}(\Sigma) \rightleftarrows \mathbf{Rep}_\Delta(\Sigma) : U^* . 



4.21 Lemma (Initiality for 1-Signatures): The category of representations of a signature 
Σ in relative monads as defined in Def. 4.19 has an initial object. Its underlying monad 
associates, to any set of variables, the set of terms of Σ, equipped with the equality preorder. 

Proof. This is a direct consequence of Lem. 2.19 which says that left adjoints preserve 
colimits — thus, in particular, initial objects —, applied to the adjunction of Lem. 4.20. □ 
4.3. Inequations 

Consider the beta rule of lambda calculus, 

(\lambda M)(N) \rightsquigarrow M[* := N] . 

In our formalism, abstraction and application are considered as morphisms of modules 
(cf. Ex. 2.95), and so is substitution (cf. Def. 2.110). This suggests to define (in)equations 
over a 1-signature S as parallel pairs of module morphisms, indexed by representations of 
S. Put differently, an (in)equation associates a parallel pair of module morphisms to any 
representation of S. Hirschowitz and Maggesi [HM07b] specify equations through such 
pairs of (indexed) module morphisms over (plain) monads. We adapt their definition 
to our use of relative monads and modules over such monads. Afterwards we simply 
interpret a pair of half-equations as inequation rather than equation. 

4.22 Definition (Category of Half-Equations, [HM07b]): Let Σ be a signature. A 
Σ-module U is a functor from the category of representations of Σ to the category 
LRMod(Δ, wPre) commuting with the forgetful functors to the category of relative 
monads over Δ: 

Rep_Δ(Σ) ---------U---------> LRMod(Δ, wPre) 
         \                   / 
          \                 / 
           v               v 
              RMon(Δ) . 

Such a Σ-module U associates, to any representation of Σ with underlying monad P, a 
module over P. 

We define a morphism of Σ-modules to be a natural transformation which becomes 
the identity when composed with the forgetful functor. We call these morphisms half- 
equations. These definitions yield a category which we call the category of Σ-modules (or 
the category of half-equations). We sometimes write 

U^R_X := U(R)(X) 

for the value of a Σ-module at the representation R and the set X. Similarly, for a 
half-equation a : U → V we write 

a^R_X := a(R)(X) : U^R_X \to V^R_X . 

4.23 Remark: We define Σ-modules over the signature Σ as functors into the category 
LRMod(A, wPre), whose objects are modules with codomain category wPre instead of 
Pre to accommodate an important example: recall that substitution of one variable (cf. 
Def. 2.110) is not necessarily monotone in the second argument. Thus, in order to build 
a half-equation from this substitution (cf. Def. 4.27), we need to use the category wPre 
as codomain category. 
4.24 Remark: A half-equation a from Σ-module U to V associates, to any representation 
R, a morphism of R-modules a^R : U(R) → V(R) in RMod(R, wPre) such that for any 
morphism f : P → R of representations of Σ the following diagram commutes: 

(P, U(P)) --------(id, a^P)--------> (P, V(P)) 
     |                                   | 
 (f, U(f))                           (f, V(f)) 
     v                                   v 
(R, f^*(U(R))) --(id, f^*(a^R))--> (R, f^*(V(R))) . 

4.25 Remark: Pierre-Louis Curien suggested the following alternative definition of a 
half-equation, where its domain and codomain only depend on the monad underlying each 
representation: domain and codomain are specified by functors U and V on the category 
RMon(Δ), and a half-equation a from U to V is given by a natural transformation 

a : U \circ \pi_1 \to V \circ \pi_1 , 

where π_1 : Rep_Δ(Σ) → RMon(Δ) is the forgetful functor. Indeed, in all the examples 
of half-equations we consider, the domain and codomain S-modules only depend on 
the monads underlying a representation, not the representation structure itself. Both 
variants, the one presented here in detail as well as the one suggested by Curien, are 
implemented in our Coq library. 

Given a 1-signature Σ, we restrict ourselves to classic inequations: these are inequa- 
tions whose codomain Σ-module is of a specific form. The restriction to these inequations 
allows us to ensure a technical condition which we prove, for classic inequations, in 
Lem. 4.35. Analogously to the preceding chapters, we only write the second component 
of objects in the large category LRMod(Δ, wPre) of modules. 

4.26 Definition (Classic Σ-Module): We call classic any Σ-module satisfying the follow- 
ing inductive predicate. 

• The map Θ : R ↦ π_1 R (cf. Def. 2.109 and Rem. 4.25) is a classic Σ-module. 

• If the Σ-module M : R ↦ M(R) is classic, so is 

M' : R \mapsto M(R)' . 

• If M and N are classic, so is 

M \times N : R \mapsto M(R) \times N(R) . 

• The terminal module * : R ↦ 1 is classic. 
Using the same notation as in Rem. 4.9, any list of natural numbers specifies uniquely a 
classic Σ-module. 

We now present some particular classic half-equations: 

4.27 Definition: The substitution operation of Def. 2.110, 

\mathrm{subst} : R \mapsto \mathrm{subst}^R : R' \times R \to R 
is a half-equation over any 1-signature Σ. Its domain and codomain are classic. 

4.28 Example (Ex. 4.12 continued): The map 

\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id}) : R \mapsto \mathrm{app}^R \circ (\mathrm{abs}^R \times \mathrm{id}_R) : R' \times R \to R 
is a half-equation over the signature Σ_ULC. 

4.29 Definition: Any arity s = [n_1, …, n_m] ∈ Σ defines a classic Σ-module 

\mathrm{dom}(s) : R \mapsto R^{n_1} \times \dots \times R^{n_m} . 
An inequation is given by a pair of parallel half-equations: 

4.30 Definition (Inequations, 2-Signature): Given a 1-signature Σ, a Σ-inequation is a 
pair of parallel half-equations between Σ-modules. We write 

\alpha \le \gamma : U \to V 

for the inequation (α, γ) with domain U and codomain V. A 2-signature is a pair (Σ,A) 
of a 1-signature Σ and a set A of Σ-inequations. 

Given a 2-signature (Σ, A), we can test whether a given representation R of Σ satisfies 
the inequations of A. Those representations satisfying any inequation of A form the 
category of representations of (Σ,A): 

4.31 Definition (Representation of Inequations): A representation of a Σ-inequation 
α ≤ γ : U → V is any representation R of Σ such that α^R ≤ γ^R pointwise, i.e. such that 
for any set X and any y ∈ U(R)(X), 

\alpha^R_X(y) \le \gamma^R_X(y) . 

We say that such a representation R satisfies the inequation α ≤ γ. 

For a set A of Σ-inequations, we call representation of (Σ,A) any representation of 
Σ that satisfies each inequation of A. We define the category of representations of the 
2-signature (Σ,A) to be the full subcategory Rep_Δ(Σ, A) of the category of representations 
of Σ whose objects are representations of (Σ,A). 
4.32 Example (Ex. 4.28 continued): We denote by β the Σ_ULC-inequation 

\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id}) \le \mathrm{subst} . \qquad (\beta) 
We write (Σ_ULC, β) := (Σ_ULC, {β}). A representation P of (Σ_ULC, β) is given by 

• a monad P : Set → Pre and 

• two morphisms of P-modules 

\mathrm{app} : P \times P \to P \qquad\text{and}\qquad \mathrm{abs} : P' \to P 
such that for any set X and any y ∈ P(X') and z ∈ PX 

\mathrm{app}_X(\mathrm{abs}_X(y), z) \le y[* := z] . 
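The β inequation of this example, together with the two representations of Fix from Ex. 3.54, as an added Python example (not the thesis's Coq code). Terms are in de Bruijn notation, so Var(0) plays the role of the distinguished variable * of the derived module P' and `subst` is y[* := z]; the preorder is checked by following the leftmost-outermost reduction path, which is a sufficient but not complete check for →β*; all names are the example's own.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import List, Optional, Union

# Untyped lambda terms in de Bruijn notation: Var(0) is the innermost bound variable,
# i.e. the fresh variable * of P'; larger indices refer to outer binders or free variables.
@dataclass(frozen=True)
class Var:
    index: int

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Abs:
    body: "Term"

Term = Union[Var, App, Abs]

def shift(t: Term, by: int, cutoff: int = 0) -> Term:
    """Add `by` to every free index >= cutoff (renaming when a term crosses binders)."""
    if isinstance(t, Var):
        return Var(t.index + by) if t.index >= cutoff else t
    if isinstance(t, App):
        return App(shift(t.fun, by, cutoff), shift(t.arg, by, cutoff))
    return Abs(shift(t.body, by, cutoff + 1))

def subst(t: Term, z: Term, depth: int = 0) -> Term:
    """t[depth := z]: replace variable `depth` by z and lower the indices above it.
    With depth = 0 this is the one-variable substitution y[* := z] of Def. 2.110."""
    if isinstance(t, Var):
        if t.index == depth:
            return shift(z, depth)
        return Var(t.index - 1) if t.index > depth else t
    if isinstance(t, App):
        return App(subst(t.fun, z, depth), subst(t.arg, z, depth))
    return Abs(subst(t.body, z, depth + 1))

def beta_step(t: Term) -> Optional[Term]:
    """One leftmost-outermost beta step, or None if t is in normal form."""
    if isinstance(t, App):
        if isinstance(t.fun, Abs):
            return subst(t.fun.body, t.arg)           # (λ.y) z  →β  y[* := z]
        s = beta_step(t.fun)
        if s is not None:
            return App(s, t.arg)
        s = beta_step(t.arg)
        return None if s is None else App(t.fun, s)
    if isinstance(t, Abs):
        s = beta_step(t.body)
        return None if s is None else Abs(s)
    return None

def reduces_to(s: Term, t: Term, fuel: int = 50) -> bool:
    """s ≤ t in the preorder generated by beta: t is reached from s in <= fuel steps."""
    for _ in range(fuel + 1):
        if s == t:
            return True
        s = beta_step(s)
        if s is None:
            return False
    return False

# Representing (Σ_ULC, β) in the terms themselves (Ex. 4.32): app : P × P → P, abs : P' → P.
def app_rep(y: Term, z: Term) -> Term: return App(y, z)
def abs_rep(y: Term) -> Term: return Abs(y)

def beta_inequation_holds(y: Term, z: Term) -> bool:
    """app(abs(y), z) ≤ y[* := z]; here it holds in exactly one beta step."""
    return reduces_to(app_rep(abs_rep(y), z), subst(y, z))

# Two representations of the unary PCF constructor Fix in ULC (Ex. 3.54).
_W = Abs(App(Var(1), App(Var(0), Var(0))))                   # λx. f (x x), f = Var(1)
Y = Abs(App(_W, _W))                                         # Curry: λf.(λx.f(xx))(λx.f(xx))
_T = Abs(Abs(App(Var(0), App(App(Var(1), Var(1)), Var(0))))) # λx.λy. y (x x y)
THETA = App(_T, _T)                                          # Turing: Θ := (λxy.y(xxy))(λxy.y(xxy))

def fix_curry(f: Term) -> Term: return App(Y, f)        # x ↦ App(Y, x)
def fix_turing(f: Term) -> Term: return App(THETA, f)   # x ↦ App(Θ, x)

def joinable(s: Term, t: Term, fuel: int = 8) -> bool:
    """Do s and t share a reduct on their leftmost-outermost paths (<= fuel steps each)?
    Θ f reduces directly to f (Θ f); Y f only has a common reduct with f (Y f)."""
    def path(u: Term) -> List[Term]:
        out = [u]
        for _ in range(fuel):
            nxt = beta_step(out[-1])
            if nxt is None:
                break
            out.append(nxt)
        return out
    ps = path(s)
    return any(u in ps for u in path(t))
```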

4.4. Initiality for 2-Signatures 

Given a 2-signature (Σ,A), we would like to exhibit an initial object in its associated 
category of representations of (Σ,A). However, we have to rule out inequations which 
are never satisfied, since an empty category obviously does not have an initial object. 
We restrict ourselves to inequations with a classic codomain: 

4.33 Definition (Classic Inequation): A Σ-inequation is classic if its codomain is classic. 

4.34 Theorem: For any set of classic Σ-inequations A, the category of representations of 
(Σ,A) has an initial object. 

Proof. The basic ingredients for building the initial representation are given by the initial 
representation Δ_*Σ̂ in the category Rep_Δ(Σ) (cf. Lem. 4.21) or, equivalently, by the initial 
representation Σ̂ in Rep(Σ). We call Σ̂ the monad underlying the representation Σ̂. 

The proof consists of three steps: at first, we define a preorder ≤_A on the terms 
of Σ̂, induced by the set A of inequations. Afterwards we show that the data of the 
representation Σ̂ — substitution, representation morphisms etc. — is compatible with 
the preorder ≤_A in a suitable sense. This will yield a representation Σ̂_A of (Σ,A). Finally 
we show that Σ̂_A is the initial such representation. 

— The monad underlying the initial representation: 

For any set X, we equip Σ̂X with a preorder ≤_A by setting, for x, y ∈ Σ̂X, 

x \le_A y \ :\Longleftrightarrow\ \forall R : \mathbf{Rep}_\Delta(\Sigma, A),\ i_R(x) \le_R i_R(y) , \qquad (4.4.1) 

where i_R : Δ_*Σ̂ → R is the initial morphism of representations of Σ, cf. Lem. 4.21. We 
have to show that the map 

X \mapsto \hat\Sigma_A X := (\hat\Sigma X, \le_A) 
yields a relative monad on Δ. The missing fact to prove is that the substitution with a 
morphism 

f \in \mathbf{Pre}(\Delta X, \hat\Sigma_A Y) = \mathbf{Set}(X, \hat\Sigma Y) 

is compatible with the order ≤_A: given any f ∈ Pre(ΔX, Σ̂_A Y) we show that σ^{Σ̂}(f) : 
Set(Σ̂X, Σ̂Y) is monotone with respect to ≤_A and hence (the carrier of) a morphism 
σ(f) : Pre(Σ̂_A X, Σ̂_A Y). We overload the infix symbol >>= to denote monadic substitution. 
Suppose x ≤_A y; we show 

x \mathbin{>\!\!>\!=} f \ \le_A\ y \mathbin{>\!\!>\!=} f . 
Using the definition of ≤_A, we must show, for any representation R of (Σ,A), 

i_R(x \mathbin{>\!\!>\!=} f) \ \le_R\ i_R(y \mathbin{>\!\!>\!=} f) . 

Since i_R is a morphism of representations, it is compatible with the substitution of Σ̂ and 
U^*R; we have 

Rewriting this equality and its equivalent for y in the current goal yields the goal 

i_R(x) \mathbin{>\!\!>\!=} i_R \circ f \ \le_R\ i_R(y) \mathbin{>\!\!>\!=} i_R \circ f , 

which is true since the substitution of R (whose underlying map is that of U^*R) is 
monotone in the first argument (cf. Rem. 2.86) and i_R(x) ≤_R i_R(y) by assumption. We 
hence have defined a monad Σ̂_A over Δ. We interrupt the proof for an important lemma: 

4.35 Lemma: Given a classic Σ-module V : Rep_Δ(Σ) → LRMod(Δ, wPre) from the category 
of representations of Σ in monads on Δ to the large category of modules over such monads, 
we have 

x \le_A y \in V(\hat\Sigma)(X) \ \Longleftrightarrow\ \forall R : \mathbf{Rep}_\Delta(\Sigma, A),\ V(i_R)(x) \le_{V^R} V(i_R)(y) , 
where now and later we omit the argument X, e.g., in V(i_R)(X)(x). 

Proof of Lem. 4.35. The proof is done by induction on the derivation of "V classic". The 
only interesting case is where V = M × N is a product: 

(x_1, y_1) \le (x_2, y_2) \ \Longleftrightarrow\ x_1 \le x_2 \wedge y_1 \le y_2 

\Longleftrightarrow\ \forall R,\ M(i_R)(x_1) \le M(i_R)(x_2) \ \wedge\ \forall R,\ N(i_R)(y_1) \le N(i_R)(y_2) 
\Longleftrightarrow\ \forall R,\ M(i_R)(x_1) \le M(i_R)(x_2) \wedge N(i_R)(y_1) \le N(i_R)(y_2) 
\Longleftrightarrow\ \forall R,\ V(i_R)(x_1, y_1) \le V(i_R)(x_2, y_2) . 

□ 
— Representing Σ in Σ̂_A: 

Any arity s ∈ Σ should be represented by the module morphism s^{Σ̂}, i.e. by the repre- 
sentation of s in Σ̂. We have to show that those representations are compatible with 
the preorder ≤_A. Given x ≤_A y in dom(s, Σ̂)(X), we show (omitting the argument X in 

By definition, we have to show that, for any representation R as before, 

i_R(s^{\hat\Sigma}(x)) \ \le_R\ i_R(s^{\hat\Sigma}(y)) . 

Since i_R is a morphism of representations, it commutes with the representational module 
morphisms — the corresponding diagram is similar to the diagram of Def. 4.17. By 
rewriting with this equality we obtain the goal 

s^R\big((\mathrm{dom}(s)(i_R))(x)\big) \ \le_R\ s^R\big((\mathrm{dom}(s)(i_R))(y)\big) . 

This goal is proved by instantiating Lem. 4.35 with the classic Σ-module dom(s) (cf. 
Def. 4.29) and the fact that s^R is monotone. We hence have established a representation 
— which we call Σ̂_A — of Σ in the monad Σ̂_A. 

— Σ̂_A satisfies A: 

The next step is to show that the representation Σ̂_A satisfies A. Given an inequation 

\alpha \le \gamma : U \to V 

of A with a classic Σ-module V, we must show that for any set X and any x ∈ U^{Σ̂_A}_X 
in the domain of α we have 

\alpha^{\hat\Sigma_A}_X(x) \ \le_A\ \gamma^{\hat\Sigma_A}_X(x) . \qquad (4.4.2) 
In the following we omit the subscript X. By Lem. 4.35 the goal is equivalent to 

\forall R : \mathbf{Rep}_\Delta(\Sigma, A),\ V(i_R)(\alpha^{\hat\Sigma_A}(x)) \ \le_{V^R}\ V(i_R)(\gamma^{\hat\Sigma_A}(x)) . \qquad (4.4.3) 

Let R be a representation of (Σ,A). We continue by proving Disp. (4.4.3) for R. By 
Rem. 4.24 and the fact that i_R is also the carrier of a morphism of representations of Σ 
from Δ_*Σ̂ to R (cf. Lem. 4.20) we can rewrite the goal as 

\alpha^R(U(i_R)(x)) \ \le_{V^R}\ \gamma^R(U(i_R)(x)) , 

which is true since R satisfies A. 

— Initiality of Σ̂_A: 

Given any representation R of (Σ,A), the morphism i_R is monotone with respect to the 
preorders on Σ̂_A and R by construction of ≤_A. It is hence a morphism of representations 
from Σ̂_A to R. Uniqueness of the morphism i_R follows from its uniqueness in the category 
of representations of Σ, i.e. without inequations. Hence Σ̂_A is the initial object in the 
category of representations of (Σ, A). □ 
4.36 Remark: Note that the proof of the main theorem uses the equivalence proved in 
Lem. 4.35 in both directions. The implication from left to right would be ensured auto- 
matically if we had defined $\Sigma$-modules to be functors into the category $\mathrm{LRMod}(\Delta, \mathrm{Pre})$ 
instead of $\mathrm{LRMod}(\Delta, \mathrm{wPre})$. See Rem. 4.23 for an explanation why we still choose the 
latter category as codomain category. 

4.37 Remark: Note that for a classic $\Sigma$-module $V$ we can actually prove the implication 
from left to right of Lem. 4.35 more generally: for any morphism of representations 
$f : P \to R$ (not just an initial one as in Lem. 4.35) the module morphism $V(f) : V(P) \to V(R)$ 
is monotone. Again the only interesting case is where $V = V_1 \times V_2$ is a product. Let 
$X$ be a set and $x = (x_1, x_2)$ and $y = (y_1, y_2)$ in $V(P)(X)$: 

$(x_1, x_2) \le_{V(P)} (y_1, y_2) \iff x_1 \le_{V_1(P)} y_1 \wedge x_2 \le_{V_2(P)} y_2$ 

$\Rightarrow V_1(f)(x_1) \le_{V_1(R)} V_1(f)(y_1) \wedge V_2(f)(x_2) \le_{V_2(R)} V_2(f)(y_2)$ 

$\iff (V_1(f)(x_1), V_2(f)(x_2)) \le_{V(R)} (V_1(f)(y_1), V_2(f)(y_2))$ 
$\iff V(f)(x_1, x_2) \le_{V(R)} V(f)(y_1, y_2)$ . 

4.38 Example (Ex. 4.32 continued): The only inequation Disp. ($\beta$) of the signature 
$(\Sigma_{\mathrm{ULC}}, \beta)$ is classic. The initial representation of $(\Sigma_{\mathrm{ULC}}, \beta)$ is given by the monad $\mathrm{ULC}_\beta$ 
together with the $\mathrm{ULC}_\beta$-module morphisms Abs and App (cf. Ex. 2.95) as representation 
structure. 

We conclude this section with some remarks about "generating inequalities", (regular) 
monads and fully faithful morphisms: 

4.39 Remark about "Generating" Inequations: Given a 2-signature $(\Sigma, A)$ and a represen- 
tation $R$ of $\Sigma$, the representation morphism of modules $s^R$ of any $s \in \Sigma$ of $R$ is monotone. 
For the initial representation of $(\Sigma, A)$ this means that any relation between terms of $\Sigma$ 
which comes from $A$ is automatically propagated into subterms. Similarly, the relation on 
those terms is by construction reflexive and transitive, since we consider representations 
in monads with codomain $\mathrm{Pre}$. 

For the example of $\mathrm{ULC}_\beta$ this means that in order to obtain a complete reduction 
relation, it is sufficient to enforce only one rule by an inequation, which is 

$(\lambda M)N \le M[* := N]$ . 

4.40 Remark about Finite Contexts: Altenkirch et al. [ACU10] characterize the untyped 
lambda calculus as a relative monad on the inclusion functor $i : \mathrm{Fin} \to \mathrm{Set}$ from finite sets 
to sets. An anonymous referee suggested combining our viewpoint — syntax as monad 
over $\Delta : \mathrm{Set} \to \mathrm{Pre}$ — with Altenkirch et al.'s: one might consider the lambda calculus 
as a relative monad on the composition $\Delta \circ i : \mathrm{Fin} \to \mathrm{Pre}$, and, more generally, one 
might consider representations of a signature $(\Sigma, A)$ over monads on $\Delta \circ i : \mathrm{Fin} \to \mathrm{Pre}$. 
The above theorem remains true when replacing monads on $\Delta$ by monads on $\Delta \circ i$ 
everywhere. An equivalence between the theorem thus obtained and our Thm. 4.34 
might be established in a way similar to what Zsidó [Zsi10] does in her PhD thesis: 
she shows, by means of adjunctions between the respective categories of models, the 
equivalence between the approach of Fiore et al. [FPT99] — based on monoids over 
finite contexts — and the approach of Hirschowitz and Maggesi [HM07a], where models 
are built from monads on the category $\mathrm{Set}$, i.e. over arbitrary contexts. 

4.41 Remark about Monads on Pre: As mentioned in Sect. 1.5, Ghani and Lüth [GL03] 
and Hirschowitz and Maggesi [HM10a] suggest the use of monads over the category $\mathrm{Pre}$ 
of preordered sets for modelling syntax with a rewriting relation. Indeed, representa- 
tions of a signature $(\Sigma, A)$ could be analogously defined for such monads. The above 
construction of the initial representation of $(\Sigma, A)$ carries over to representations in such 
monads, thus yielding an initiality result in which syntax is modelled as monad on $\mathrm{Pre}$. 
It might be interesting to establish a precise connection — e.g., in form of adjunctions — 
between the resulting categories of representations in monads on $\mathrm{Pre}$ and representations 
in relative monads on $\Delta$. 

4.42 Remark about Fully Faithful Translations: By construction any morphism $f : P \to Q$ 
of representations of a 2-signature $(\Sigma, A)$ is faithful, i.e. it sends related terms $x \leadsto y$ in 
$P(X)$ to related terms $f_X(x) \leadsto f_X(y)$ in $Q(X)$. It is natural to ask whether $f$ is also full, 
that is, whether each $f_X : P(X) \to Q(X)$ is a full functor between the preorders $P(X)$ and 
$Q(X)$, considered as categories. Explicitly, this means to ask whether for any $x, y \in P(X)$ 
such that $f_X(x) \leadsto f_X(y)$ in $Q(X)$ we have $x \leadsto y$. 
This chapter aims to combine the contents of Chapts. 3 and 4 in order to obtain an 
initiality result for simple type systems with reductions on the term level. This result 
thus accounts for our example from Sect. 1.1: the translation from PCF with its usual 
reduction relation to the untyped lambda calculus with beta reduction. The goal thus is 
to define a notion of signature and suitable representations for such signatures, such that 
the types and terms generated by the signature, equipped with reductions according to 
the inequations specified by the signature, form the initial representation. Analogously to 
the previous chapter, we define a notion of 2-signature with two levels: a syntactic level 
specifying types and terms of a language, and, on top of that, a semantic level specifying 
reduction rules on the terms. 

5.1. 1-Signatures 

From the syntactic point of view presented in Sect. 3.3.1.1, 1-signatures for types and 
terms are the same as in Chapt. 3, Def. 3.46. We have to adapt the semantic definition of 
signatures for terms, however, since we now work with relative monads on $\Delta^T$ for some 
set $T$ instead of monads over families of sets. The following definition is the analogue of 
Def. 3.34, adapted to the use of relative monads: 

5.1 Definition (Relative S-Monad): Given an algebraic signature $S$, the category $S\text{-}\mathrm{RMnd}$ 
of relative $S$-monads is defined as the category whose objects are pairs $(T, P)$ of a 
representation $T$ of $S$ and a relative monad 

$P : \mathrm{Set}^T \to \mathrm{Pre}^T$ . 

A morphism from $(T, P)$ to $(T', P')$ is a pair $(g, f)$ of a morphism of $S$-representations 
$g : T \to T'$ and a morphism of relative monads $f : P \to P'$ over the retyping functor $g$ as 
in Rem. 2.89. 

Given $n \in \mathbb{N}$, we write $S\text{-}\mathrm{RMnd}_n$ for the category whose objects are pairs $(T, P)$ of 
a representation $T$ of $S$ and a relative monad $P$ over $\Delta^T$. A morphism from $(T, P)$ to 
$(T', P')$ is a pair $(g, f)$ of a morphism of $S$-representations $g : T \to T'$ and a monad 
morphism $f : P \to P'$ over the retyping functor $g(n)$ defined in Def. 2.28. 

Similarly, we have a large category of modules over relative monads: 
5.2 Definition (Large Category $\mathrm{LRMod}_n(S, \mathcal{D})$ of Modules): Given a natural number 
$n \in \mathbb{N}$, an algebraic signature $S$ and a category $\mathcal{D}$, we call $\mathrm{LRMod}_n(S, \mathcal{D})$ the category an 
object of which is a pair $(P, M)$ of a relative $S$-monad $P \in S\text{-}\mathrm{RMnd}_n$ and a $P$-module with 
codomain $\mathcal{D}$. A morphism to another such $(Q, N)$ is a pair $(f, h)$ of a morphism of relative 
$S$-monads $f : P \to Q$ in $S\text{-}\mathrm{RMnd}_n$ and a morphism of relative modules $h : M \to f^*N$. 

As before, we sometimes just write the module — i.e. the second — component of 
an object or morphism of the large category of modules. Given $M \in \mathrm{LRMod}_n(S, \mathcal{D})$, we 
thus write $M(V)$ or $M_V$ for the value of the module on the object $V$. 

A half-arity over S of degree n is a functor from relative S-monads to the category of 
large modules of degree n: 

5.3 Definition (Half-Arity over S (of degree n)): Given an algebraic signature $S$ and 
$n \in \mathbb{N}$, we call half-arity over $S$ of degree $n$ a functor 

$\alpha : S\text{-}\mathrm{RMnd} \to \mathrm{LRMod}_n(S, \mathrm{Pre})$ 

which is pre-inverse to the forgetful functor. 

As before we restrict ourselves to a class of such functors. Again, we start with the 
tautological module: 

5.4 Definition (Tautological Module of Degree n): Given $n \in \mathbb{N}$, any relative monad $R$ 
over $\Delta^T$ induces a monad $R_n$ over with object map $(V, t_1, \ldots, t_n) \mapsto (RV, t_1, \ldots, t_n)$. 
To any relative $S$-monad $R$ we associate the tautological module of $R_n$, 

$\Theta_n(R) := (R_n, R_n) \in \mathrm{LRMod}_n(S, \mathrm{Pre})$ . 

Furthermore, we again use canonical natural transformations (cf. Def. 3.41) to build 
classic half-arities; these transformations specify context extension (derivation) and 
selection of specific object types (fibre) : 

5.5 Definition (Classic Half-Arity): As with monads (cf. Sect. 3.3), we restrict our 
attention to classic half-arities, which we define analogously to Def. 3.42 as constructed 
using derivations and products, starting from the fibres of the tautological module and 
the constant singleton module. We omit the precise statement of this definition. 

A half-arity of degree n thus associates, to any relative S-monad P over a set of types 
T, a family of P -modules indexed by T n : 

5.6 Remark Module of Higher Degree corresponds to a Family of Modules (II): Remark 3.37 
applies analogously to modules over relative monads. More precisely, let $T$ be a set and 
let $R$ be a monad on the functor $\Delta^T$. Then a module $M$ over the monad $R_n$ corresponds 
precisely to a family of $R$-modules $(M_{\mathbf{t}})_{\mathbf{t} \in T^n}$ by (un)currying. Similarly, a morphism 
$a : M \to N$ of modules of degree $n$ is equivalent to a family $(a_{\mathbf{t}})_{\mathbf{t} \in T^n}$ of morphisms of 
modules of degree zero with $a_{\mathbf{t}} : M_{\mathbf{t}} \to N_{\mathbf{t}}$. 
An arity of degree $n \in \mathbb{N}$ for terms over an algebraic signature $S$ is defined to be a 
pair of functors from relative S-monads to modules in LRMod n (S, Pre). The degree n 
corresponds to the number of object type indices of its associated constructor. As an 
example, the arities of Abs and App of Ex. 1.3 are of degree 2. 

5.7 Definition (Term-Arity, Signature over S): A classic arity $\alpha$ over $S$ of degree $n$ is a 
pair 

$\alpha = (\mathrm{dom}(\alpha), \mathrm{cod}(\alpha))$ 
of half-arities over $S$ of degree $n$ such that 

• $\mathrm{dom}(\alpha)$ is classic and 

• $\mathrm{cod}(\alpha)$ is of the form $[\Theta_n]_\tau$ for some canonical natural transformation $\tau$ as in 
Def. 3.41. 

Any classic arity is thus syntactically of the form given in Disp. (3.3.5). Note, however, 
that the definition of $\Theta$ in Sect. 3.3 differs from the one used in the present chapter. We 
write $\mathrm{dom}(\alpha) \to \mathrm{cod}(\alpha)$ for the arity $\alpha$, and $\mathrm{dom}(\alpha, R) := \mathrm{dom}(\alpha)(R)$ and similar for 
the codomain and morphisms of relative $S$-monads. Given a weighted set $(J, d)$ as in 
Def. 3.44, a term-signature $\Sigma$ over $S$ indexed by $(J, d)$ is a $J$-family $\Sigma$ of classic arities 
over $S$, the arity $\Sigma(j)$ being of degree $d(j)$ for any $j \in J$. 

5.8 Definition (Typed Signature): A typed signature is a pair $(S, \Sigma)$ consisting of an 
algebraic signature $S$ for sorts and a term-signature $\Sigma$ (indexed by some weighted set) 
over $S$. 

5.9 Example: Ex. 3.47 and 3.48 still apply. Note, however, that the underlying definition 
of $\Theta$ differs from that of Sect. 3, and that fibre and derivation are adapted accordingly. 

5.2. Representations of 1-Signatures 

5.10 Definition (Representation of an Arity, a Signature over S): A representation of an 
arity $\alpha$ over $S$ in an $S$-monad $R$ is a morphism of relative modules 

$\mathrm{dom}(\alpha, R) \to \mathrm{cod}(\alpha, R)$ . 

A representation $R$ of a signature over $S$ is given by a relative $S$-monad — called $R$ as 
well — and a representation $\alpha^R$ of each arity $\alpha$ of $\Sigma$ in $R$. 

Representations of $(S, \Sigma)$ are the objects of a category $\mathrm{Rep}_\Delta(S, \Sigma)$, whose morphisms 
are defined as follows: 
5.11 Definition (Morphism of Representations): Given representations $P$ and $R$ of a 
typed signature $(S, \Sigma)$, a morphism of representations $f : P \to R$ is given by a morphism 
of relative $S$-monads $f : P \to R$, such that for any arity $\alpha$ of $\Sigma$ the following diagram of 
module morphisms commutes: 

    dom(α, P) ---α^P---> cod(α, P) 
        |                    | 
    dom(α, f)            cod(α, f) 
        |                    | 
        v                    v 
    dom(α, R) ---α^R---> cod(α, R) 

i.e. $\mathrm{cod}(\alpha, f) \circ \alpha^P = \alpha^R \circ \mathrm{dom}(\alpha, f)$. 



5.12 Lemma: For any typed signature $(S, \Sigma)$, the category of representations of $(S, \Sigma)$ has 
an initial object. 

Proof. The initial object is obtained, analogously to the untyped case (cf. Lem. 4.5, 4.20, 
4.21), via an adjunction $\Delta_* \dashv U_*$ between the categories of representations of $(S, \Sigma)$ in 
relative monads and those in monads as in Chapt. 3. 

In more detail, to any relative $S$-monad $(T, P) \in S\text{-}\mathrm{RMnd}$ we associate the $S$-monad 
$U_*(T, P) := (T, U_*P)$ where $U_*P$ is the monad obtained by postcomposing with the forgetful 
functor $U^T : \mathrm{Pre}^T \to \mathrm{Set}^T$. Substitution for $U_*P$ is defined, in each fibre, as in Lem. 2.83. 
For any arity $s \in \Sigma$ we have that 

$\mathrm{dom}(s, P) = \mathrm{dom}(s, U_*P)$ , 

and similar for the codomain. The postcomposed representation morphism $U_*s(P)$ 
hence represents $s$ in $U_*P$ in the sense of Chapt. 3. This defines the functor $U_*$ : 
$\mathrm{Rep}_\Delta(S, \Sigma) \to \mathrm{Rep}(S, \Sigma)$. Conversely, to any $S$-monad we can associate a relative 
$S$-monad by postcomposing with $\Delta^T : \mathrm{Set}^T \to \mathrm{Pre}^T$, analogous to the untyped case in 
Def. 4.15, yielding $\Delta_* : \mathrm{Rep}(S, \Sigma) \to \mathrm{Rep}_\Delta(S, \Sigma)$. In summary, the natural isomorphism 

$\varphi_{R,P} : (\mathrm{Rep}_\Delta(S, \Sigma))(\Delta_* R, P) \cong (\mathrm{Rep}(S, \Sigma))(R, U_* P)$ 

is given by postcomposition with the forgetful functor (from left to right) resp. the functor 
$\Delta$ (from right to left). 

□ 



5.3. Inequations 

Analogously to the untyped case (cf. Defs. 4.22, 4.30), an inequation associates, to any 
representation of $(S, \Sigma)$ in a relative monad $P$, two parallel morphisms of $P$-modules. 
However, similarly to arities, an inequation may now be, more precisely, a family of 
inequations, indexed by object types. Consider the simply-typed lambda calculus, which 
was defined with typed abstraction and application. Similarly, we have a typed substitution 
operation for TLC, which substitutes a term of type $s \in T_{\mathrm{TLC}}$ for a free variable of type 
$s$ in a term of type $t \in T_{\mathrm{TLC}}$ yielding again a term of type $t$. For $s, t \in T_{\mathrm{TLC}}$ and 
$M \in \mathrm{TLC}(V^{*s})_t$ and $N \in \mathrm{TLC}(V)_s$, beta reduction is specified by 

$\lambda_{s,t} M (N) \leadsto M[* := N]$ , 

where our notation hides the fact that not only abstraction, but also application and 
substitution are typed operations. More formally, such a reduction rule might read as a 
family of inequations between morphisms of modules 

$\mathrm{app}_{s,t} \circ (\mathrm{abs}_{s,t} \times \mathrm{id}) \le \_[*_s := \_]_t$ , 

where $s, t \in T_{\mathrm{TLC}}$ range over types of the simply-typed lambda calculus. Analogously 
to Sect. 3.3, we want to specify the beta rule without referring to the set $T_{\mathrm{TLC}}$, but 
instead express it for an arbitrary representation $R$ of the typed signature $(S_{\mathrm{TLC}}, \Sigma_{\mathrm{TLC}})$ 
(cf. Exs. 3.2, 3.47), as in 

$\mathrm{app}^R \circ (\mathrm{abs}^R \times \mathrm{id}) \le \_[* := \_]$ , 

where both the left and the right side of the inequation are given by suitable $R$-module 
morphisms of degree 2. Source and target of a half-equation accordingly are given 
by functors from representations of a typed signature $(S, \Sigma)$ to a suitable category of 
modules. A half-equation then is a natural transformation between its source and target 
functor: 

5.13 Definition (Category of Half-Equations): Let $(S, \Sigma)$ be a signature. An $(S, \Sigma)$- 
module $U$ of degree $n \in \mathbb{N}$ is a functor from the category of representations of $(S, \Sigma)$ as 
defined in Sect. 5.2 to the category $\mathrm{LRMod}_n(S, \mathrm{wPre})$ (cf. Def. 5.2) commuting with the 
forgetful functor to the category of relative monads. We define a morphism of $(S, \Sigma)$- 
modules to be a natural transformation which becomes the identity when composed with 
the forgetful functor. We call these morphisms half-equations (of degree $n$). We write 
$U_R := U(R)$ for the image of the representation $R$ under the $\Sigma$-module $U$, and similar for 
morphisms. 

5.14 Definition (Substitution as Half-Equation): Given a relative monad on $\Delta^T$, its 
associated substitution-of-one-variable operation (cf. Def. 2.111) yields a family of 
module morphisms, indexed by pairs $(s, t) \in T^2$. By Rem. 5.6 this family is equivalent to a 
module morphism of degree 2. The assignment 

$\mathrm{subst} : R \mapsto \mathrm{subst}^R : [R_2]^1_2 \times [R_2]_1 \to [R_2]_2$ 

thus yields a half-equation of degree 2 over any signature $S$. Its domain and codomain 
are classic. 

5.15 Example (Ex. 3.47 continued): The map 

$\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id}) : R \mapsto \mathrm{app}^R \circ (\mathrm{abs}^R \times \mathrm{id}^R) : [R_2]^1_2 \times [R_2]_1 \to [R_2]_2$ 
is a half-equation over the signature TLC, as well as over the signature of PCF. 

5.16 Definition: Any classic arity of degree $n$, 

$s = [\Theta_n]^{\tau_1}_{\sigma_1} \times \ldots \times [\Theta_n]^{\tau_k}_{\sigma_k} \to [\Theta_n]_\sigma$ , 

defines a classic $\Sigma$-module 

$\mathrm{dom}(s) : R \mapsto [R_n]^{\tau_1}_{\sigma_1} \times \ldots \times [R_n]^{\tau_k}_{\sigma_k}$ . 

5.17 Definition (Inequation): Given a signature $(S, \Sigma)$, an inequation over $(S, \Sigma)$, or 
$(S, \Sigma)$-inequation, of degree $n \in \mathbb{N}$ is a pair of parallel half-equations between $(S, \Sigma)$- 
modules of degree $n$. We write $\alpha \le \gamma$ for the inequation $(\alpha, \gamma)$. We leave the degree 
implicit whenever possible, analogously to Rem. 3.33. 

5.18 Example (Beta Reduction): For any suitable 1-signature — i.e. for any 1-signature 
that has an arity for abstraction and an arity for application — we specify beta reduction 
through an inequation of degree 2 using the parallel half-equations of Def. 5.14 and 
Ex. 5.15: 

$\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id}) \le \mathrm{subst} : [\Theta]^1_2 \times [\Theta]_1 \to [\Theta]_2$ . 

5.19 Example (Fixpoints and Arithmetics of PCF): The reduction rules for PCF are 
informally given in Fig. A.4. We specify these reduction rules as inequations over the 
1-signature of PCF (cf. Ex. 3.48) as follows: 

$\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id}) \le \mathrm{subst} : [\Theta]^1_2 \times [\Theta]_1 \to [\Theta]_2$ 

$\mathrm{Fix} \le \mathrm{app} \circ (\mathrm{id}, \mathrm{Fix}) : [\Theta]_{1 \Rightarrow 1} \to [\Theta]_1$ 
$\mathrm{app} \circ (\mathrm{Succ}, n) \le n + 1 : * \to [\Theta]_\iota$ 
$\mathrm{app} \circ (\mathrm{Pred}, 0) \le 0 : * \to [\Theta]_\iota$ 
$\mathrm{app} \circ (\mathrm{Pred}, \mathrm{app} \circ (\mathrm{Succ}, n)) \le n : * \to [\Theta]_\iota$ 
$\mathrm{app} \circ (\mathrm{Zero?}, 0) \le \mathrm{T} : * \to [\Theta]_o$ 
$\mathrm{app} \circ (\mathrm{Zero?}, \mathrm{app} \circ (\mathrm{Succ}, n)) \le \mathrm{F} : * \to [\Theta]_o$ 

5.20 Definition (Representation of Inequations): A representation of an $(S, \Sigma)$-inequation 
$\alpha \le \gamma : U \to V$ (of degree $n$) is any representation $R$ over a set of types $T$ of $(S, \Sigma)$ such 
that $\alpha^R \le \gamma^R$ pointwise, i.e. if for any pointed context $(X, \mathbf{t}) \in \mathrm{Set}^T \times T^n$, any $t \in T$ and 
any $y \in U_R(X, \mathbf{t})(t)$, 

$\alpha^R(y) \le \gamma^R(y)$ , (5.3.1) 
where we omit the sort argument $t$ as well as the context $(X, \mathbf{t})$ from $\alpha$ and $\gamma$. We say 
that such a representation $R$ satisfies the inequation $\alpha \le \gamma$. 

For a set $A$ of $(S, \Sigma)$-inequations, we call representation of $((S, \Sigma), A)$ any representation 
of $(S, \Sigma)$ that satisfies each inequation of $A$. We define the category of representations of 
the 2-signature $((S, \Sigma), A)$ to be the full subcategory of the category of representations of 
$\Sigma$ whose objects are representations of $((S, \Sigma), A)$. We also write $(\Sigma, A)$ for $((S, \Sigma), A)$. 

According to Rem. 5.6, the inequation of Disp. (5.3.1) is equivalent to ask whether, for 
any $\mathbf{t} \in T^n$, any $t \in T$ and any $y \in U_R^{\mathbf{t}}(X)(t)$, 

5.4. Initiality for 2-Signatures 

We are ready to state and prove an initiality result for typed signatures with inequations: 

5.21 Theorem: For any set of classic $(S, \Sigma)$-inequations $A$, the category of representations 
of $((S, \Sigma), A)$ has an initial object. 

Proof. The proof is analogous to that of the untyped case (cf. Thm. 4.34). The fact 
that we now consider typed syntax introduces a minor complication, on the presentation 
of which we put the emphasis during the proof. The basic ingredients for building the 
initial representation are given by the initial representation $(S, \Sigma)$ — or just $\Sigma$ for short — 
in the category $\mathrm{Rep}(S, \Sigma)$ of representations in monads on set families (cf. Thm. 3.53). 
Equivalently the ingredients come from the initial object $(S, \Delta_*\Sigma)$ — or just $\Delta_*\Sigma$ for 
short — of representations without inequations in the category $\mathrm{Rep}_\Delta(S, \Sigma)$ (cf. Lem. 5.12). 
We call $\Sigma$ resp. $\Delta_*\Sigma$ the monad resp. relative monad underlying the initial representation. 
The proof consists of 3 steps: at first, we define a preorder $\le_A$ on the terms of 
$\Sigma$, induced by the set $A$ of inequations. Afterwards we show that the data of the 
representation $\Sigma$ — substitution, representation morphisms etc. — is compatible with 
the preorder $\le_A$ in a suitable sense. This will yield a representation $\Sigma_A$ of $(\Sigma, A)$. Finally 
we show that $\Sigma_A$ is the initial such representation. 
— The monad underlying the initial representation: 

For any context $X \in \mathrm{Set}^S$ and $t \in S$, we equip $\Sigma X(t)$ with a preorder $\le_A$ by setting — 
morally, cf. below —, for $x, y \in \Sigma X(t)$, 

$x \le_A y :\iff \forall R : \mathrm{Rep}(\Sigma, A),\ i_R(x) \le_R i_R(y)$ , (5.4.1) 

where $i_R : \Delta_*\Sigma \to R$ is the initial morphism of representations of $(S, \Sigma)$, cf. Lem. 5.12. 
Note that the above definition in Disp. (5.4.1) is ill-typed: we have $x \in \Sigma X(t)$, which 
cannot be applied to (a fibre of) $i_R(X) : g(\Sigma X) \to R(gX)$. We denote by $\varphi = \varphi_R$ the 
natural isomorphism induced by the adjunction of Rem. 2.23 and Def. 2.22 obtained by 
retyping — along the initial morphism of types $g : S \to T = T_R$ — towards the set $T$ of 
"types" of $R$, 

$\varphi_{X,R} : \mathrm{Pre}^T(g(\Sigma X), R(gX)) \cong \mathrm{Pre}^S(\Sigma X, R(gX) \circ g)$ . 

Instead of the above definition in Disp. (5.4.1), we should really write 

$x \le_A y :\iff \forall R : \mathrm{Rep}(\Sigma, A),\ (\varphi(i_{R,X}))(x) \le_R (\varphi(i_{R,X}))(y)$ , (5.4.2) 

where we omit the subscript "$R$" from $\varphi$. We have to show that the map 

$X \mapsto \Sigma_A X := (\Sigma X, \le_A)$ 

yields a relative monad on $\Delta^S$. The missing fact to prove is that the substitution with a 
morphism 

$f \in \mathrm{Pre}^S(\Delta X, \Sigma_A Y) = \mathrm{Set}^S(X, \Sigma Y)$ 
is compatible with the order $\le_A$: given any $f \in \mathrm{Pre}^S(\Delta X, \Sigma_A Y)$ we show that 

$\sigma^\Sigma(f) \in \mathrm{Set}^S(\Sigma X, \Sigma Y)$ 

is monotone with respect to $\le_A$ and hence (the carrier of) a morphism 

$\sigma^{\Sigma_A}(f) \in \mathrm{Pre}^S(\Sigma_A X, \Sigma_A Y)$ . 



We overload the infix symbol $\gg=$ to denote monadic substitution. Note that this notation 
now hides an implicit argument giving the sort of the term in which we substitute. 
Suppose $x, y \in \Sigma X(t)$ with $x \le_A y$, we show 

$x \gg= f \ \le_A\ y \gg= f$ . 

Using the definition of $\le_A$, we must show, for a given representation $R$ of $(\Sigma, A)$, 

$(\varphi(i_R))(x \gg= f) \le_R (\varphi(i_R))(y \gg= f)$ . (5.4.3) 

Let $g$ be the initial morphism of types towards the types of $R$. Since $i := i_R$ is a morphism 
of representations — and thus in particular a monad morphism, it is compatible with the 
substitution of $\Sigma$ and $R$; we have 

    g(ΣX) ---g(σ^Σ(f))---> g(ΣY) 
      |                       | 
     i_X                     i_Y                  (5.4.4) 
      |                       | 
      v                       v 
    R(gX) --σ^R(i_Y ∘ gf)--> R(gY) 
By applying the isomorphism $\varphi$ on the diagram of Disp. (5.4.4), we obtain 

$\varphi(i_Y) \circ \sigma(f) = \varphi(i_Y \circ g(\sigma(f)))$ 

$= \varphi(\sigma^R(i_Y \circ gf) \circ i_X)$ 

$= g^*(\sigma^R(i_Y \circ gf)) \circ \varphi(i_X)$ . (5.4.5) 

Rewriting the equality of Disp. (5.4.5) twice in the goal Disp. (5.4.3) yields the goal 

$g^*(\sigma^R(i_Y \circ gf))((\varphi(i_X))(x)) \le_R g^*(\sigma^R(i_Y \circ gf))((\varphi(i_X))(y))$ , 

which is true since $g^*(\sigma^R(i_Y \circ gf))$ is monotone and $(\varphi(i_X))(x) \le_R (\varphi(i_X))(y)$ by 
hypothesis. We hence have defined a monad $\Sigma_A$ over $\Delta^S$. 

5.22 Lemma: Lemma 4.35 generalizes to the typed setting of this chapter. 

Proof of Lem. 5.22. The proof is analogous to the proof of Lem. 4.35: we apply the same 
reasoning in the corresponding fibre. 

□ 

— Representing $\Sigma$ in $\Sigma_A$: 

Any arity $s \in \Sigma$ should be represented by the module morphism $s^\Sigma$, i.e. by the repre- 
sentation of $s$ in $\Sigma$. We have to show that those representations are compatible with 
the preorder $\le_A$. Given $x \le_A y$ in $\mathrm{dom}(s, \Sigma)$, we show (omitting the argument $X$ in 
$s^\Sigma(X)(x)$) 

By definition, we have to show that, for any representation $R$ with initial morphism 
$i = i_R : \Sigma \to R$ as before, 

But these two sides are precisely the images of $x$ and $y$ under the upper-right composition 
of the diagram of Def. 5.11 for the morphism of representations $i_R$. By rewriting with 
this diagram we obtain the goal 

$s^R((\mathrm{dom}(s)(i_R))(x)) \le_R s^R((\mathrm{dom}(s)(i_R))(y))$ . 

We know that $s^R$ is monotone, thus it is sufficient to show 

$(\mathrm{dom}(s)(i_R))(x) \le_R (\mathrm{dom}(s)(i_R))(y)$ . 

This goal follows from Lem. 5.22 (instantiated for the classic $\Sigma$-module $\mathrm{dom}(s)$, cf. 
Def. 5.16) and the hypothesis $x \le_A y$. We hence have established a representation — 
which we call $\Sigma_A$ — of $\Sigma$ in $\Sigma_A$. 
— $\Sigma_A$ satisfies $A$: 

The next step is to show that the representation $\Sigma_A$ satisfies $A$. Given an inequation 

$\alpha \le \gamma : U \to V$ 

of $A$ with a classic $\Sigma$-module $V$, we must show that for any context $X \in \mathrm{Set}^S$, any $t \in S$ 
and any $x \in U(\Sigma_A)(X)_t$ in the domain of $\alpha$ we have 

where here and later we omit the context argument $X$ and the sort argument $t$. By 
Lem. 5.22 the goal is equivalent to 

$\forall R : \mathrm{Rep}(\Sigma, A),\ V(i_R)(\alpha^{\Sigma_A}(x)) \le_{V(R)} V(i_R)(\gamma^{\Sigma_A}(x))$ . (5.4.6) 

Let $R$ be a representation of $(\Sigma, A)$. We continue by proving Disp. (5.4.6) for $R$. Re- 
mark 4.24 holds analogously in the typed setting of this chapter. The fact that $i_R$ is the 
carrier of a morphism of $(S, \Sigma)$-representations from $\Delta\Sigma$ to $R$ allows to rewrite the goal 
as 

$\alpha^R(U(i_R)(x)) \le_{V(R)} \gamma^R(U(i_R)(x))$ , 

which is true since $R$ satisfies $A$. 

— Initiality of $\Sigma_A$: 

Given any representation $R$ of $(\Sigma, A)$, the morphism $i_R$ is monotone with respect to the 
orders on $\Sigma_A$ and $R$ by construction of $\le_A$. It is hence a morphism of representations from 
$\Sigma_A$ to $R$. Uniqueness of the morphism $i_R$ follows from its uniqueness in the category of 
representations of $(S, \Sigma)$, i.e. without inequations. Hence $(S, \Sigma_A)$ is the initial object in 
the category of representations of $((S, \Sigma), A)$. 

□ 

5.23 Remark Iteration Principle by Initiality: The universal property of the language 
generated by a 2-signature yields an iteration principle to define maps — translations — 
on this language, which are certified to be compatible with substitution and reduction 
in the source and target languages. How does this iteration principle work? More 
precisely, what data (and proof) needs to be specified in order to define such a translation 
via initiality from a language, say, $(S, \Sigma_A)$ to another language $(S', \Sigma'_{A'})$, generated by 
signatures $(S, \Sigma, A)$ and $(S', \Sigma', A')$, respectively? The translation is a morphism — an 
initial one — in the category of representations of the signature $(S, \Sigma, A)$ of the source 
language. It is obtained by equipping the relative monad $\Sigma'_{A'}$ underlying the target 
language with a representation of the signature $(S, \Sigma, A)$. In more detail: 

1. we give a representation of the type signature $S$ in the set $S'$. By initiality of $S$, this 
yields a translation $S \to S'$ of sorts. 
2. Afterwards, we specify a representation of the term signature $\Sigma$ in the monad 
$\Sigma'_{A'}$, by defining suitable (families) of morphisms of $\Sigma'_{A'}$-modules. This yields a 
representation $R$ of $(S, \Sigma)$ in the monad $\Sigma'_{A'}$. 

By initiality, we obtain a morphism $f : (S, \Sigma) \to R$ of representations of $(S, \Sigma)$, that is, we 
obtain a translation from $(S, \Sigma)$ to $(S', \Sigma')$ as the colax monad morphism underlying the 
morphism $f$. However, we have not yet ensured that the translation $f$ is compatible with 
the respective reduction preorders in the source and target languages. 

3. Finally, we verify that the representation $R$ of $(S, \Sigma)$ satisfies the inequations of $A$, 
that is, we check whether, for each $\alpha \le \gamma : U \to V \in A$, and for each context $V$, 
each $t \in S$ and $x \in U_V(t)$, 

$\alpha^R(x) \le \gamma^R(x)$ . 

After verifying that $R$ satisfies the inequations of $A$, the representation $R$ is in fact a 
representation of $(S, \Sigma, A)$. The initial morphism $f$ thus yields a faithful translation from 
$(S, \Sigma_A)$ to $(S', \Sigma'_{A'})$. 

5.24 Example (Translation from PCF to ULC, Exs. 3.54 and 5.19 cont.): Recall the 
translations from PCF to the untyped lambda calculus of Ex. 3.54. We might attempt to 
specify the same translations using the iteration operator obtained by Thm. 5.21, where 
PCF is equipped with the reduction relation generated by the inequations of Ex. 5.19 and 
ULC is equipped with beta reduction as in Ex. 4.32. However, representing the fixedpoint 
operator of PCF by the lambda term $Y$ fails, for reasons explained at the end of Chapt. 9. 

For the translation of PCF to the lambda calculus mapping the fixedpoint operator of 
PCF to the Turing fixedpoint combinator, we have formalized its specification via initiality 
in the proof assistant Coq [Coq10]. After constructing the category of representations of 
PCF, we equip the untyped lambda calculus with a representation of PCF, representing 
the arity Fix by the Turing operator $\Theta$. The formalization is explained in Chapt. 9. Note 
that the translation is given by a Coq function and hence executable. 
6. Formalizing Category Theory in Coq 



In this chapter we describe our computer formalization of general concepts of category 
theory as presented in Chapt. 2. We start with a brief introduction to our favourite 
theorem prover Coq [Coq10]. We then describe the challenges one encounters when one 
attempts to formalize algebraic structures in general, and category theory in particular, 
in Coq. Finally we present our implementation of monads and modules over monads as 
well as their relative counterparts. Throughout the chapter we explain features of Coq 
when we first encounter them. 

6.1. About the Proof Assistant Coq 

The proof assistant Coq [Coq10] is an implementation of the Calculus of Inductive 
Constructions (CIC) which itself is a constructive type theory. Its objects are terms built 
according to a grammar (see the Coq manual [The10] for the term forming rules). 
Each valid term has its associated type which is itself a term and which is automatically 
computed by Coq. In Coq a typing judgment is written t : T, meaning that t is a term 
of type T. Typing judgments are for example 1 : Nat and plus : Nat → Nat → Nat. 
Function application is simply denoted by a blank, i.e. we write f x for f(x). 

The CIC also treats propositions as types via the Curry-Howard isomorphism, hence a 
proof of a proposition P is in fact a term of type P. Accordingly, a proof of a proposition 
A ⇒ B is a function A → B, i.e. a term which associates a proof of B to any proof of A. 
As an example, the function id : P → P is a proof of the tautology P ⇒ P. In the proof 
assistant Coq a user hence proves a proposition P by providing a term p of type P. Coq 
checks the validity of the proof p by checking whether p : P. 

Coq comes with extensive support to interactively build the proof terms of a given 
proposition. In proof mode so-called tactics help the users to reduce the proposition they 
want to prove — the goal — into one or more simpler subgoals, until reaching trivial 
subgoals which can be solved directly. 

Particular concepts of Coq such as records and type classes, setoids, implicit arguments 
and coercions are explained in a call-by-need fashion in the course of the thesis. One 
important feature is the Section mechanism (cf. also the Coq manual [The10]). Parame- 
ters and hypotheses declared in a section automatically get discharged when closing the 
section. Constants of the section then become functions, depending on an argument of 
the type of the parameter they mentioned. We illustrate this concept by means of a small 
example; consider the following Coq declarations: 

Section def_double. 
Variable n : nat. 
Definition double : nat := 2 * n. 
Check double. 
double 
     : nat 
Print Assumptions double. 
Section Variables: 
n : nat 

Inside the section def_double, the constant double is of type nat, as we verify using the 
Check command. Furthermore, it depends on the section variable n : nat declared using 
the Variable vernacular command. After closing the section, the constant double is a 
closed term of function type: 

End def_double. 
Check double. 
double 
     : nat -> nat 
Print Assumptions double. 
Closed under the global context 
Eval compute in double 4. 
     = 8 
     : nat 

In our formalization, we use the Section mechanism extensively. When presenting 
a definition depending on section variables, we either give a slightly modified, fully 
discharged version of the statement — compared to the actual Coq code —, or mention 
the section variables informally in the text. 

6.2. Formalizing Algebraic Structures 

An algebraic structure typically is given by some data — i.e. sets and operations on them 
— that satisfies given properties. For instance, a group is given by a set, together with a 
binary associative multiplication and a unit element, such that any element of the set 
has a multiplicative inverse. Such algebraic structures are defined in a hierarchic way: 
for instance, any group is a particular monoid that admits inverses. Thus any group is a 
monoid. The other way round, given a group, if multiplication is commutative, then this 
group is actually abelian, and the group is an element of the class of abelian groups. 

This hierarchic structure poses a major problem in the formalization of classic mathe- 
matics, and the question of how to formalize algebraic structures is a subject of active 
research. Put simply, the main question is how tightly one should pack together the 
data and properties of an algebraic structure. If data and properties are packed together 
tightly, then operations and properties can easily be associated to their respective under- 
lying sets, and this allows for overloading notation and coercions. On the other hand, 
this tight packing makes it difficult to "add" data and properties to an instance of an 
algebraic structure, e.g., to consider a group, for which one has proved commutativity 
of multiplication, as an abelian group. We do not attempt to propose a solution to the 
challenge of how to formalize algebraic structures. However, we need to choose from the 
existing solutions. In Coq there are basically two possible answers: records, employed 
e.g., by Garillot et al. [GGMR09], correspond to a tight packing of algebraic structure, 
whereas type classes [SO08], as used by Spitters and v. d. Weegen [SvdW11], correspond 
to a rather loose packaging. 

Coq records are implemented as an inductive data type with one constructor. However, 
use of the vernacular command Record (instead of plain Inductive) allows the optional 
automatic definition of the projection functions to the constructor arguments - the "fields" 
of the record. Additionally, one can declare those projections as coercions, i.e. they 
can be inserted automatically by Coq, and left out in printing. As an example for a 
coercion, it allows us to write c : C for an object c of a category C. Here the projection 
from the category type to the type of objects of a category is declared as a coercion (cf. 
Code 6.1). This is the formal counterpart to the convention introduced in the informal 
definition of categories in Def. 2.1. Another example of coercion is given in the definition 
of monad (cf. Def. 2.33), where it corresponds precisely to the there-mentioned abuse 
of notation. Finally, an example of coercion that is not given by a projection is given by 
the tautological module, i.e. the map that associates to any monad P the tautological 
P-module (cf. Def. 2.48). 

Type classes are implemented as records. Similarly to the difference between records 
and inductive types, type classes are distinguished from records only in that some 
meta-theoretic features are automatically enabled when declaring an algebraic structure 
as a class rather than a record. For details we refer to Sozeau's article about the 
implementation of type classes [SO08] and Spitters and v. d. Weegen's work [SvdW11]. 
Type classes differ from records in their usage, more specifically, in which data one 
declares as a parameter of the structure and which one declares as a field. The following 
example, borrowed from [SvdW11], illustrates the different uses; we give two definitions 
of the algebraic structure of reflexive relation, one in terms of classes and one in terms of 
records: 

Class Reflexive {A : Type} {R : relation A} := 
  reflexive : forall a, R a a. 

Record Reflexive := { 
  carrier : Type ; 
  car_rel : relation carrier ; 
  rel_refl : forall a, car_rel a a }. 

Our main interest in classes comes from the fact that by using classes many of the 
arguments of projections are automatically declared as implicit arguments. This leads 
to more readable code since arguments that can be deduced by Coq do not have to 
be written down. Thus it corresponds precisely to the mathematical practice of not 
mentioning arguments (e.g. indices) which "are clear from the context". An instance of 
this behaviour can be seen in the definition of category in Def. 2.1, where we omit the 3 
"object" arguments — written as an index — of the dependent composition of morphisms. 
In particular, the structure argument of the projection, that is, the argument specifying 
the instance whose field we want to access, is implicit and deduced automatically by Coq. 
This mechanism allows for overloading, a prime example being the implementation of 
setoids (cf. Sect. 6.3.3) as a type class; in a term "a == b" denoting setoidal equality, 
Coq automatically finds the correct setoid instance from the type of a and b¹. 

We decide to define our algebraic structures in terms of type classes first, and bundle 
the class together with some of the class parameters in a record afterwards, as is shown 
in the following example for the type class Cat_struct (cf. Code 6.3) and the bundling 
record Cat. 

6.1 Code (Bundling a type class into a record): 

Record Cat := { 
  obj :> Type ; 
  mor : obj -> obj -> Type ; 
  cat_struct :> Cat_struct mor }. 

This duplication of Coq definitions is a burden rather than a feature. We still proceed 
like this for the following reasons: in our case the use of records is unavoidable since 
we want to have a Coq type of categories, of functors between two given categories, etc. 
This is necessary when those objects — functors, for instance — shall themselves be the 
objects or morphisms of some category, as is clear from Code 6.1. However, we profit 
from aforementioned features of type classes, notably automatic declaration of some 
arguments as implicit and the resulting overloading. 

Apart from that, we do not employ any feature that makes the use of type classes 
comfortable — such as maximally inserted arguments, operational classes, etc. — since 
we usually work with the bundled versions. Readers who are interested in how to use 
type classes in Coq properly, are advised to take a look at Spitters and v. d. Weegen's 
paper [SvdW11]. There, the authors employ the mentioned bundling of type classes in 
records only when necessary, e.g., when the considered structures are to be the objects 
or morphisms of some category. 

¹ Beware! In case several instances of setoid have been declared on one and the same Coq type, the 
instance chosen by Coq might not be the one intended by the user. This is the main reason for Spitters 
and v. d. Weegen to restrict the fields of type classes to propositions. 

6.3. Formalizing Categories 

As seen in Sect. 2.1, there are two definitions of category (Def. 2.1, Rem. 2.3), which 
are equivalent from the point of view of a mathematician. When implementing cat- 
egory theory in dependent type theory, however, one needs to choose the one or the 
other definition. This section explains how we implement categories in Coq and some 
consequences of our design choice. 

6.3.1. Which Definition to Formalize — Dependent Hom-Sets? 

The main difference concerning formalization between these two definitions is that of 
composability of morphisms. The first definition can be implemented directly only in type 
theories featuring dependent types, such as the Calculus of Inductive Constructions (CIC) . 
The ambient type system, i.e. the prover, then takes care of composability - terms with 
compositions of non-composable morphisms are rejected as ill-typed terms. 

The second definition can be implemented also in provers with a simpler type system 
such as the family of HOL theorem provers. However, since those (as well as the CIC) 
are theories where functions are total, one is left with the question of how to implement 
composition. Composition might then be implemented either as a functional relation 
or as a total function about which nothing is known (deducible) on non-composable 
morphisms. The second possibility is implemented in O'Keefe's library [O'K04]. There 
the author also gives an overview of available formalizations in different theorem provers 
with particular attention to the choice of the definition of category. 

In our favourite prover Coq, both definitions have been employed in significant 
developments: the second definition is used in Simpson's construction of the Gabriel- 
Zisman localization [Sim06], whereas Huet and Saïbi's ConCaT [HS98] uses type 
families of morphisms as in Def. 2.1. To our knowledge there is no library in a prover 
with dependent types such as Coq or NuPrl [CAA+86] which develops and compares 
both definitions with respect to provability, readability, and other criteria. 

We decided to construct our library using type families of morphisms. In this way the 
proof of composability of two morphisms is done by Coq type computation automatically. 
As a consequence, we are sometimes obliged to insert trivial isomorphisms between 
equal — but not convertible — objects of some category, in order to make compositions 
typecheck. For an example see Sect. 7.1.2. 

Coq's implicit argument mechanism allows us to omit the deducible arguments, as we 
do in Def. 2.1 for the "object arguments" c, d and e of the composition. Together with 
the possibility to define infix notations, this brings our formal syntax close to informal 
mathematical syntax. 

6.3.2. Setoidal Equality on Morphisms 

All the properties of a category concern equality of two parallel morphisms, i.e. mor- 
phisms with same source and target. In Coq there is a polymorphic equality, called Leibniz 
equality, readily available for any type. However, this equality actually denotes syntactic 
equality, which already in the case of maps does not coincide with the "mathematical" 
equality on maps - given by pointwise equality - that we would rather consider. With the 
use of axioms — for the mentioned example of maps the axiom functional extensionality 
from the Coq standard library — one can often deduce Leibniz equality from the "mathe- 
matical equality" in question. But this easily gets cumbersome, in particular when the 
morphisms — as will be in our case — are sophisticated algebraic structures composed 
of a lot of data and properties. Instead, we require any collection of morphisms 𝒞(c, d) 
for objects c and d of 𝒞 to be equipped with an equivalence relation, which plays the 
role of equality on this collection. In the Coq standard library equivalence relations are 
implemented as a type class with the underlying type as a parameter A, and the relation 
as well as a proof of it being an equivalence as fields: 

6.2 Code (Setoid Type Class): 

Class Setoid A := { 
  equiv : relation A ; 
  setoid_equiv :> Equivalence equiv }. 

Setoids as morphisms of a category have been used by Aczel [Acz93] in LEGO (there 
a setoid is simply called "set") and Huet and Saïbi (HS) [HS98] in Coq. HS's setoids 
are implemented as records of which the underlying type is a component instead of a 
parameter. This choice makes it necessary to duplicate the definitions of setoids and 
categories in order to make them available with a "higher" type². 

6.3.3. Coq Setoids and Setoid Morphisms 

Setoids in Coq are implemented as a type class (cf. Code 6.2) with a type parameter A 
and a relation on A as well as a proof of this relation being an equivalence as fields. For 
the term equiv a b the infix notation "a == b" is introduced. The instance argument of 
equiv is implicit (cf. Sect. 6.2). 

² In HS's ConCaT, a type T that is defined after the type of setoids cannot be the carrier of a setoid itself. As 
a remedy, HS define a type Setoid' isomorphic to Setoid after the definition of T. The type of Setoid' 
now being higher than that of T, one can define a term of type Setoid' whose carrier is T. 
A morphism of setoids between setoids A and B is a Coq function on the underlying 
types which is compatible with the setoid relations on the source and target. That is, it 
maps equivalent terms of A to equivalent terms of B, or, in mathematical notation, 

$a =_A a'$ implies $f(a) =_B f(a')$. (6.3.1) 

In the Coq standard library such morphisms are implemented as a type class 

Class Proper {A} (R : relation A) (m : A) : Prop := 
proper_prf : R m m. 

where the type A is instantiated with a function type A — > B and the relation R on 
A — > B is instantiated with pointwise compatibility 3 : 

Definition respectful (A B : Type) (R : relation A) (R' : relation B) := 
  fun f g => forall x y, R x y -> R' (f x) (g y). 

Notation " R ==> R' " := (@respectful (R%signature) (R'%signature)) 
  (right associativity, at level 55) : signature_scope. 

Given Coq types A and B equipped with relations R : relation A and R' : relation B, 
respectively, and a map f : A -> B, the statement Proper (R ==> R') f — replacing 
aforementioned notation — really means 

Proper (respectful R R') f , 

which is the same as respectful R R' f f, which itself just means 
forall x y, R x y -> R' (f x) (f y) . 

This is indeed the statement of Disp. (6.3.1) in the special case that R and R' are 
equivalence relations. 

For any component of an algebraic structure that is a map defined on setoids, we 
add a condition of the form Proper... in the formalization. Examples are the categorical 
composition (Code 6.3) and the monadic substitution map (Code 6.10). Rewriting related 
terms under those equivalence relations is tightly integrated in the rewrite tactic of Coq. 
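As an added, self-contained example (not code from the thesis' library), the following Coq script instantiates the pattern just described for plain Coq functions: a Setoid instance on A -> B given by pointwise equality, a Proper declaration for composition in the shape of the comp_oid field of Code 6.3, and a lemma whose proof relies on rewrite working modulo the setoid relation. The names pointwise, fun_Setoid, fcomp and fcomp_congr are our own.

```coq
Require Import Coq.Setoids.Setoid.
Require Import Coq.Classes.Morphisms.
Require Import Coq.Classes.SetoidClass.

(* Constructed example: pointwise equality on Coq functions plays the role
   of the "mathematical" equality on maps mentioned in Sect. 6.3.2. *)
Definition pointwise {A B : Type} (f g : A -> B) : Prop :=
  forall x, f x = g x.

Instance pointwise_Equivalence (A B : Type) : Equivalence (@pointwise A B).
Proof.
  split.
  - intros f x. reflexivity.
  - intros f g H x. symmetry. exact (H x).
  - intros f g h H1 H2 x. transitivity (g x); [exact (H1 x) | exact (H2 x)].
Qed.

(* A Setoid instance (Code 6.2) on every function type; "==" now means
   pointwise equality on A -> B. *)
Instance fun_Setoid (A B : Type) : Setoid (A -> B) :=
  { equiv := pointwise ; setoid_equiv := pointwise_Equivalence A B }.

(* Diagrammatic composition, as in the comp field of Code 6.4. *)
Definition fcomp {A B C : Type} (f : A -> B) (g : B -> C) : A -> C :=
  fun x => g (f x).

(* The analogue of comp_oid in Code 6.3: composition respects "==" in both
   arguments. Unfolding Proper and respectful yields exactly the shape of
   Disp. (6.3.1), applied once per argument. *)
Instance fcomp_Proper (A B C : Type) :
  Proper (equiv ==> equiv ==> equiv) (@fcomp A B C).
Proof.
  intros f f' Hf g g' Hg x.
  unfold fcomp.
  rewrite (Hf x).
  exact (Hg (f' x)).
Qed.

(* Because fcomp_Proper is registered, rewrite may replace f by f' under
   fcomp even though f = f' does not hold as Leibniz equality. *)
Lemma fcomp_congr (A B C : Type) (f f' : A -> B) (g : B -> C) :
  f == f' -> fcomp f g == fcomp f' g.
Proof.
  intros H. rewrite H. reflexivity.
Qed.
```

Without the fcomp_Proper instance, the rewrite step in fcomp_congr fails, since Coq has no way to know that fcomp is compatible with the setoid relation.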

6.3.4. Coq Implementation of Categories 

As a result of the aforementioned considerations, we adopt Sozeau's definition of category 
[SO08], which itself is a variant of the definition given by Huet and Saïbi [HS98]. Unlike 
Huet and Saïbi's contribution ConCaT, Sozeau's approach uses type classes for algebraic 
structures and thus avoids the universe inconsistencies that have to be circumvented by 
duplicating definitions in ConCaT (cf. Sect. 6.3.2). More precisely, in Sozeau's implementation 
of setoids (cf. Code 6.2), the carrier type is a parameter instead of a field as in 
Huet and Saïbi's. Our type class of categories is parametrized by a type of objects and a 
type family of morphisms, whose parameters are the source and target objects. 

³ In the Coq standard library the definition of respectful is actually a special case of a more general 
definition of a heterogeneous relation respectful_hetero. 

6.3 Code (Type Class of Categories): 

Class Cat_struct (obj : Type) (mor : obj -> obj -> Type) := { 
  mor_oid :> forall a b, Setoid (mor a b) ; 
  id : forall a, mor a a ; 
  comp : forall {a b c}, mor a b -> mor b c -> mor a c ; 
  comp_oid :> forall a b c, Proper (equiv ==> equiv ==> equiv) (@comp a b c) ; 
  id_r : forall a b (f : mor a b), comp f (id b) == f ; 
  id_l : forall a b (f : mor a b), comp (id a) f == f ; 
  assoc : forall a b c d (f : mor a b) (g : mor b c) (h : mor c d), 
    comp (comp f g) h == comp f (comp g h) }. 

Compared to Def. 2.1 there are two additional fields: the field 

mor_oid :> forall a b, Setoid (mor a b) 

equips each collection of morphisms mor a b with a custom equivalence relation. The 
field comp_oid states that the composition comp of the category is compatible with 
the setoidal structure on the morphisms given by the field mor_oid as explained in 
Sect. 6.3.3. We recall that setoidal equality is overloaded and denoted by the infix symbol 
'=='. In the following we write 'a > b' for mor a b and f ;; g for the composition of 
morphisms f : a > b and g : b > c⁴. 

6.3.5. The Categories of Interest 

The category Set is formalized in Coq as the category of Coq types. By using Coq types 
and functions as objects and morphisms of this category, we obtain executable Coq 
substitution and translation maps, cf. Code 9.11. 

6.4 Code (Set, Def. 2.4): 

Program Instance TYPE_struct : Cat_struct (fun a b => a -> b) := { 
  mor_oid a b := TYPE_hom_oid a b ; 
  id a := fun x : a => x ; 
  comp a b c := fun (f : a -> b) (g : b -> c) => fun x => g (f x) }. 

In this instance declaration, the fields id_r, id_l and assoc are filled automatically by 
the Program framework, cf. Sect. 6.3.7. For a set T, the category Set^T of Def. 2.20 has, 
as objects, Coq type families indexed by T. Morphisms between two such objects are 
suitable families of Coq functions: 

⁴ Coq deduces and inserts the missing "object" arguments a, b and c of the composition automatically from 
the type of the morphisms. For this reason those arguments are called implicit (cf. Sect. 6.2). 

6.5 Code (Category of Type Families): 

Program Instance ITYPE_struct : Cat_struct (obj := T -> Type) 
    (fun A B => forall t, A t -> B t) := { 
  mor_oid := INDEXED_TYPE_oid ; (* pointwise equal, in each component *) 
  comp A B C f g := fun t => fun x => g t (f t x) ; 
  id A := fun t x => x }. 

We also employ categories whose objects are families of preordered sets (i.e. Coq types), 
and morphisms are monotone Coq functions. We omit their definition. 

6.3.6. Initial Objects 

Initial objects have been defined in Def. 2.5. Formally, we implement the initiality 
structure as a type class, parametrized by categories. Its fields are given by an object 
Init of the category, a map InitMor mapping each object a of the category to a morphism 
from Init to a and a proposition stating that InitMor a is unique for any object a. 

Class Initial (C : Cat) := { 
  Init : C ; 
  InitMor : forall a : C, Init > a ; 
  InitMorUnique : forall a (f : Init > a), f == InitMor a }. 

Note that the initial morphism is not given by an existential statement of the form 
∀a, ∃f : . . ., or, in Coq terms, using an exists statement. This is because the Coq 
existential lies in Prop and hence does not allow for elimination — witness extraction — 
when building anything but proofs. 
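To make the Prop-versus-Type point concrete, here is an added Coq snippet (not from the thesis' development) that contrasts a failing witness extraction from a Prop existential with a working one from a sigma type, and then phrases an initiality structure in sigma-type style so that the initial morphism is recovered as a function. The names has_elem, pick_bad, pick_good, Initial_sig and initMor_of are constructed for this example, and uniqueness is stated with Leibniz equality for brevity instead of the setoidal == of the Initial class.

```coq
(* Constructed example: why Initial carries InitMor as a field rather
   than as a Prop-level existential. *)

(* A Prop-level existence statement. *)
Definition has_elem (A : Type) : Prop := exists a : A, True.

(* Rejected by Coq: the Prop inductive "ex" may not be eliminated to
   produce an inhabitant of A : Type, so no witness can be extracted. *)
Fail Definition pick_bad (A : Type) (H : has_elem A) : A :=
  match H with ex_intro _ a _ => a end.

(* Accepted: the sigma type "sig" lives in Type, so its witness is data. *)
Definition pick_good (A : Type) (H : { a : A | True }) : A :=
  match H with exist _ a _ => a end.

(* An initiality structure phrased with a sigma type instead of separate
   InitMor and InitMorUnique fields; uniqueness uses Leibniz equality. *)
Record Initial_sig (Obj : Type) (Hom : Obj -> Obj -> Type) := {
  init_s : Obj ;
  init_mor_s : forall a : Obj,
    { f : Hom init_s a | forall g : Hom init_s a, g = f } }.

(* The initial morphism is recovered as a genuine function: the witness
   of a sig can be projected, the witness of an exists could not. *)
Definition initMor_of {Obj : Type} {Hom : Obj -> Obj -> Type}
  (I : Initial_sig Obj Hom) (a : Obj) : Hom (init_s Obj Hom I) a :=
  proj1_sig (init_mor_s Obj Hom I a).

(* Its uniqueness proof is likewise available by projection. *)
Definition initMor_of_unique {Obj : Type} {Hom : Obj -> Obj -> Type}
  (I : Initial_sig Obj Hom) (a : Obj) (g : Hom (init_s Obj Hom I) a) :
  g = initMor_of I a :=
  proj2_sig (init_mor_s Obj Hom I a) g.
```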

6.3.7. Interlude on the Program feature 

The Program Instance vernacular allows to fill in fields of an instance of a type class by 
means of tactics. Indeed, when omitting a field in an instance declaration — such as 
the proofs of associativity assoc and left and right identity id_l and id_r in Code 6.4 — 
the Program framework creates an obligation for each missing field, making use of the 
information that the user provided for the other fields. As an example, the obligation 
created for the field assoc of the previous example is to prove associativity for the 
composition defined by 

comp f g := fun x => g (f x). 

It then tries to solve the resulting obligations using the tactic that the user has specified 
via the Obligation Tactic command. In case the automatic resolution of the obligation 
fails, the user can enter the interactive proof mode to finish the proof manually. 

It is technically possible to fill in both data and proof fields automatically via the 
Program framework. However, in order to avoid the automatic inference of data which 
we cannot control, we always specify data directly as is done in Code 6.4, and rely on 
automation via Program only for proofs. 

6.3.8. Retyping and Option 

We present the formalization of some commonly used definitions. The reader might want 
to skip this section and come back to it when being pointed back here. 

We define retyping (cf. Rem. 2.23) for families of sets and preordered sets through an 
inductive type: 

6.6 Code (Retyping Functor, Rem. 2.23): 

Variables (T U : Type) (g : T -> U). 
Inductive retype (V : ITYPE T) : ITYPE U := 
  ctype : forall t, V t -> retype V (g t). 

The constructor ctype : forall V t, V t -> retype V (g t) is the carrier of the natural 
transformation of the same name of Rem. 2.23. Given a family V of preordered sets, the 
preorder on g V is induced by the preorder on V : 

Inductive retype_ord (V : IPO T) : forall u, relation (retype g V u) := 
  ctype_ord : forall t (x y : V t), x <<< y 
    -> retype_ord (ctype g x) (ctype g y). 

The option data type is implemented in the module Coq.Init.Datatypes of the Coq standard 
library. 

6.7 Code (Option, Sect. 2.2.3.1): 

Inductive option (A : Type) : Type := 
  | Some : A -> option A 
  | None : option A. 

We can turn the map A ↦ A' := A + {*} into a monad as follows: 

6.8 Code (Option Monad): 

Program Instance option_monad_s : 
    Monad_struct (C:=TYPE) (option) := { 
  weta := @Some ; 
  kleisli a b f := fun t => match t with 
                            | Some y => f y 
                            | None => None 
                            end }. 

There is also a typed variant of the option data type: 

6.9 Code (Typed Option, Sect. 2.2.3.1): 

Inductive opt (u : T) (V : ITYPE T) : ITYPE T := 
  | some : forall t : T, V t -> opt u V t 
  | none : opt u V u. 

Given a list l over T, the multiple addition of variables with (object language) types 
according to l to a set of variables V is defined by recursion over l. For this enriched set 
of variables we introduce the notation V ** l. 

Fixpoint pow (l : [T]) (V : ITYPE T) : ITYPE T := 
  match l with 
  | nil => V 
  | b::bs => pow bs (opt b V) 
  end. 

The map opt is functorial, as is the multiple addition of variables pow. On morphisms 
the pow operation is defined by recursively applying the functoriality of opt, where for 
the latter we use a special notation with a prefixed hat. 

Fixpoint pow_map (l : [T]) V W (f : V > W) : 
    V ** l > W ** l := 
  match l return V ** l > W ** l with 
  | nil => f 
  | b::bs => pow_map bs (^f) 
  end. 



6.4. Monads, Modules and their Morphisms 

Implementing monads leaves one with the choice between the definitions given in 
Def. 2.33 and Def. 2.65. The first definition, while preferred by category theorists, has the 
inconvenience that defining instances of monads such as monadic syntax would require 
proving commutativity of the square, e.g., using multiple induction for monadic syntax. 
Furthermore the second definition is well-known in the programming community for its 
use in Haskell. We thus decide to implement the definition of Def. 2.65. Since we are 
mainly interested in its instances over the category of (families of) sets, we can define 
convenient infix notation for its substitution. 
Formally, a monad (cf. Def. 2.65) is a type class parametrized by a category C and a 
function F : C -> C on the objects of C: 

6.10 Code (Monad, Def. 2.65): 

Class Monad_struct (C : Cat) (F : C -> C) := { 
  weta : forall c, c > (F c) ; 
  kleisli : forall a b, (a > F b) -> (F a > F b) ; 
  kleisli_oid :> forall a b, Proper (equiv ==> equiv) (kleisli (a:=a) (b:=b)) ; 
  eta_kl : forall a b (f : a > F b), weta a ;; kleisli f == f ; 
  kl_eta : forall a, kleisli (weta a) == id _ ; 
  dist : forall a b c (f : a > F b) (g : b > F c), 
    kleisli f ;; kleisli g == kleisli (f ;; kleisli g) }. 

Monads admit a functorial structure: 

6.11 Code (Functoriality for Monads, Rem. 2.66): 
Variable T : Monad C. 

Definition lift : forall a b (f : a > b), T a > T b := 
  fun a b f => kleisli (f ;; weta b). 

We present two different implementations of monad morphisms. The more general 
definition implements colax monad morphisms as defined in Def. 2.69: 

6.12 Code (Colax Monad Morphism, Def. 2.69): 

Class colax_Monad_Hom_struct (Tau : forall c, F (P c) > Q (F c)) := { 
  gen_monad_hom_kl : forall c d (f : c > P d), 
    #F (kleisli f) ;; Tau _ == 
    Tau _ ;; (kleisli (#F f ;; Tau _)) ; 
  gen_monad_hom_weta : forall c : C, 
    #F (weta c) ;; Tau _ == weta _ }. 

When working exclusively with a special case of a more general definition, it is more 
convenient to implement this special case as a separate definition: for two monads P 
and Q over the same category C, a simple morphism of monads — as used in Sect. 3.2 — 
is given by a family of morphisms τ_c ∈ 𝒞(Pc, Qc) that is compatible with the monadic 
structure: 

6.13 Code (Simple Monad Morphism, Def. 3.12): 

Class Monad_Hom_struct (Tau : forall c, P c > Q c) := { 
  monad_hom_kl : forall c d (f : c > P d), 
    kleisli f ;; Tau d == Tau c ;; kleisli (f ;; Tau d) ; 
  monad_hom_weta : forall c : C, weta c ;; Tau c == weta c }. 
It follows from these commutativity properties that the family τ is a natural transformation 
between the functors induced by the monads P and Q. Given a monad P over 𝒞, a 
P-module with codomain D is formalized as follows: 

6.14 Code (Module, Def. 2.71): 

Variable P : Monad C. 

Class Module_struct (M : C -> D) := { 
  mkleisli : forall c d, (c > P d) -> (M c > M d) ; 
  mkleisli_oid :> forall c d, Proper (equiv ==> equiv) (mkleisli (c:=c) (d:=d)) ; 
  mkl_weta : forall c, mkleisli (weta c) == id _ ; 
  mkl_mkl : forall c d e (f : c > P d) (g : d > P e), 
    mkleisli f ;; mkleisli g == mkleisli (f ;; kleisli g) }. 

For two modules S and T with codomain 𝒟 over a monad P as above, a module morphism 
from S to T is given by a family of maps, indexed by the objects of 𝒞, commuting with 
module substitution: 

6.15 Code (Module Morphism, Def. 2.73): 

Class Module_Hom_struct (N : forall x, S x > T x) := { 
  mod_hom_mkl : forall c d (f : c > P d), 
    mkleisli f ;; N _ == N _ ;; mkleisli f }. 

6.5. Relative Monads, Formalized 

As opposed to (plain) monads, we have only one definition of relative monads available. 
The implementation of this definition in Coq is similar to that of monads (cf. Code 6.10). 
Given a functor F : 𝒞 → 𝒟, a relative monad is given by a map T : 𝒞 → 𝒟 on the objects 
of the categories involved, and data analogous to that of a monad: 

6.16 Code (Relative Monad, Def. 2.75): 

Variables C D : Cat. 
Variable F : Functor C D. 
Class RMonad_struct (T : C -> D) := { 
  rweta : forall c : C, F c > T c ; 
  rkleisli : forall a b : C, F a > T b -> T a > T b ; 
  rkleisli_oid :> forall a b, Proper (equiv ==> equiv) (rkleisli (a:=a) (b:=b)) ; 
  reta_kl : forall a b : C, forall f : F a > T b, rweta a ;; rkleisli f == f ; 
  rkl_eta : forall a, rkleisli (rweta a) == id _ ; 
  rdist : forall a b c (f : F a > T b) (g : F b > T c), 
    rkleisli f ;; rkleisli g == rkleisli (f ;; rkleisli g) }. 
Analogously to monads we define functoriality for a given relative monad P: 

6.17 Code (Functoriality for Relative Monads, Rem. 2.80): 
Variable P : RMonad C. 

Definition rlift : forall a b (f : a > b), P a > P b := 
  fun a b f => rkleisli (#F f ;; rweta b). 

In the following we consider morphisms of relative monads in varying generality: one 
definition (Def. 4.3) is analogous to the simple morphisms of monads (cf. Code 6.13), 
another implements the colax version of Def. 2.87. For the statement of the second, 
general, definition, we place ourselves in the environment given in Def. 2.87. In short, 
we have a natural transformation N : F'G ⇒ G'F : 𝒞 → 𝒟'. 

6.18 Code (Colax Morphism of Relative Monads, Def. 2.87): 
Variable N : NT (CompF G F') (CompF F G'). 

Class colax_RMonad_Hom_struct (tau : forall c : C, G' (P c) > Q (G c)) := { 
  gen_rmonad_hom_rweta : forall c : C, 
    N _ ;; #G' (rweta c) ;; tau c == rweta (G c) ; 
  gen_rmonad_hom_rkl : forall (c d : C) (f : F c > P d), 
    #G' (rkleisli f) ;; tau d == tau c ;; rkleisli (a:=G c) (N c ;; #G' f ;; tau _) }. 

A module M over a relative monad P (on a functor F) is given by data similar to that of a 
module over a monad, except for the insertion of applications of F where necessary. 

6.19 Code (Module over a Relative Monad, Def. 2.90): 

Class RModule_struct (M : C -> E) := { 
  rmkleisli : forall c d (f : F c > P d), M c > M d ; 
  rmkleisli_oid :> forall c d, Proper (equiv ==> equiv) (rmkleisli (c:=c) (d:=d)) ; 
  rmkl_rweta : forall c : C, rmkleisli (rweta c) == id (M c) ; 
  rmkl_rmkl : forall c d e (f : F c > P d) (g : F d > P e), 
    rmkleisli f ;; rmkleisli g == rmkleisli (f ;; rkleisli g) }. 

Given two modules M and N with codomain 𝒟 over a relative monad P, a module 
morphism from M to N is given by a collection of maps (S_c : Mc → Nc)_{c ∈ 𝒞} commuting 
with module substitution: 

6.20 Code (Morphism of Relative Modules, Def. 2.94): 
Variables M N : RModule P D. 

Class RModule_Hom_struct (S : forall c : C, M c > N c) := { 
  rmod_hom_rmkl : forall c d (f : F c > P d), 
    rmkleisli f ;; S d == S c ;; rmkleisli f }. 
In this chapter we describe the formalization in the proof assistant Coq [Coq10] of Zsidó's 
initiality theorem presented in Sect. 3.2. In particular, we explain what we omitted in 
the informal presentation — the construction of the initial representation of a given 
simply-typed signature. 

7.1. Signatures & Representations 

An arity determines the type and binding behaviour of a constructor, and a signature is a 
family of arities. A representation of a signature S is given by a monad P (over a suitable 
category) and a morphism of P-modules for each arity a of S, where the source and 
target module of this morphism are determined by a. Among those representations the 
object of interest is the initial one, i.e. the representation from which there exists exactly 
one morphism of representations to any other representation. The initial representation is 
called syntax generated by S. 

7.1.1. Using Lists for Algebraic Arities & Signatures 

For the formal definitions let us fix a set T of object language types. As explained in 
Def. 3.20, an algebraic arity over T is determined by a pair of a list of data and an 
element t ∈ T, yielding an efficient and concise way to specify algebraic arities. An 
algebraic signature could thus be implemented — as in Def. 3.9 — as a pair consisting 
of a type sig_index — which is used for indexing the arities — and a map from the 
indexing type to the actual arity type, which is simply built using lists — for which we 
employ a Haskell-like notation — and products: 

7.1 Code (Signature, Def. 3.9): 

Notation "[ T ]" := (list T) (at level 5). 
Record Signature : Type := { 
  sig_index : Type ; 
  sig : sig_index -> [[T] * T] * T }. 

However, a slight modification turns out to be useful. During the construction of the 
initial representation, a universal quantification over arities of a signature S with a 
given target type t ∈ T is needed. Using the above hypothetical implementation, this 
quantification could be achieved by using a sigma type: 

Definition Signature_t (t : T) : Type := {s : sig_index S | snd (sig s) = t}. 

This definition would be awkward to use since we would be obliged to handle equality 
proofs when talking about indices, i.e. terms of sig_index S, with a specific output type. 
We can in fact do better: while the propositional equality as used above would need our 
intervention, definitional equality — conversion — is handled by Coq. Hence we decide 
to implement a signature over a set of types T as a function that maps each t : T to the 
collection of arities whose output type is the given t. In other words, the parameter t of 
Signature _t in the definition of signature replaces the second component of the arities: 

7.2 Code (Signature, Def. 3.9): 

Record Signature_t (t : T) : Type := { 
  sig_index : Type ; 
  sig : sig_index -> [[T] * T] }. 
Definition Signature := forall t, Signature_t t. 

We discuss the formalization of the example signature of the simply-typed lambda
calculus (cf. Ex. 3.23). At first we define an indexing type TLC_index t for each t : T.
After that, we build an indexed signature TLC_sig mapping each index to its arity:

7.3 Code (Signature of TLC, Ex. 3.23):

Inductive TLC_index : T -> Type :=
| TLC_abs : forall s t : T, TLC_index (s ~> t)
| TLC_app : forall s t : T, TLC_index t.

Definition TLC_arguments : forall t, TLC_index t -> [[T] * T] :=
  fun t' r => match r with
  | TLC_abs s t => (s::nil, t)::nil
  | TLC_app s t => (nil, s ~> t)::(nil, s)::nil
  end.

Definition TLC_sig t := Build_Signature_t t (@TLC_arguments t).

7.1.2. Modules and Morphisms for Arities 

To any signature given as a dependent function of type Signature as in Code 7.2 we
associate the actual signature in the sense of Def. 3.18. More precisely, for an arity
$s = ([(\mathbf{s}_1, t_1), \dots, (\mathbf{s}_n, t_n)], t)$ given by lists we define the functors $\mathrm{dom}(s)$ and $\mathrm{cod}(s)$,
each of which, given a monad $P \in \mathrm{Mon}(\mathbf{Set}^T)$ (cf. Def. 3.13), yields a P-module with
codomain $\mathbf{Set}$. Note that the bold face letters $\mathbf{s}_i$ denote lists of sorts.
It would in principle be possible to build the module $\mathrm{dom}(s, P)$ associated to a monad P
using the category-theoretic machinery defined in Sects. 2.2.2 and 2.2.3, i.e. by applying
iteratively the derivation functor to the tautological module P as often as indicated by the
arity $s$ and finally the suitable fibre functor, glueing everything together via the product
on module categories. However, we choose not to, for reasons we explain now. Consider
again the diagram of Disp. (3.2.3), instantiated for the classic arity $s$:



[Diagram (7.1.1), not reproduced here: the commutative square of Disp. (3.2.3) instantiated for the arity $s$, with $\prod_{i=1}^{n}[P^{\mathbf{s}_i}]_{t_i}$ in its upper left corner and $f^*[Q]_{t_0}$ in its lower right corner.]

This diagram actually makes use of many instances of the equalities mentioned in
Rem. 2.63, in order to justify composability of module morphisms. For instance, in the
lower right corner, the fact that pullback and fibre may be permuted is used. In Coq
the aforementioned equalities of modules hold propositionally (if one uses appropriate
axioms, such as proof irrelevance), but not definitionally, i.e. the modules are not
convertible (see also Rem. 2.64). In order to be able to compose a module morphism
with target $\rho^*[M]_u$, for instance, with a module morphism with source module $[\rho^*M]_u$,
one needs to insert a suitable isomorphism of modules $\rho^*[M]_u \cong [\rho^*M]_u$. The carriers
of these isomorphisms are families of identity functions, respectively, since the carriers of
the source and target modules are convertible. In our formalization we would have to
insert these isomorphisms (called PROD_PB, ITDER_PB and ITFIB_PB in our Coq
library) in order to make some compositions typecheck — as illustrated by the diagram
in Disp. (7.1.2) — which in turn would result in quite a cumbersome formalization with
decreased readability. Instead we decide to implement the left vertical morphism from
scratch. For this to work it is most convenient to define the carrier of the product modules
as an inductive type, instead of applying the product in the module category recursively.
Hence also the product modules are built manually rather than using the categorical
devices of derivation, fibre and product.



7.1.2.1. Domain, Codomain, Representations 

Given an arity $s = (\mathbf{s}_1,t_1),\dots,(\mathbf{s}_n,t_n) \to t$ (or shorter $l \to t$) and a monad P, we have
to construct the module

$$\mathrm{dom}(s,P) = \prod_{i=1}^{n}[P^{\mathbf{s}_i}]_{t_i} = \prod_{i=1}^{n} P^{\mathbf{s}_i}_{t_i} .$$

[Diagram (7.1.2), not reproduced here: the square of Disp. (7.1.1) with its left vertical morphism written out as $\prod_{i=1}^{n}[f^{\mathbf{s}_i}]_{t_i} : \prod_{i=1}^{n}[P^{\mathbf{s}_i}]_{t_i} \to \prod_{i=1}^{n}[(f^*Q)^{\mathbf{s}_i}]_{t_i}$ followed by the isomorphisms $\prod_i [\cong]_{t_i}$, and with the isomorphism between $f^*[Q]_{t_0}$ and $[f^*Q]_{t_0}$ in its lower right corner.]

Its carrier, being a kind of heterogeneous list, is given as an inductive type parametrized
by a set family of variables and a list such as the list $l$ indicating the domain of an arity.
In fact, for defining the carrier, only an object map M of the type indicated below is
necessary:

Variable M : (ITYPE T) -> (ITYPE T).

Inductive prod_mod_c (V : ITYPE T) : [[T] * T] -> Type :=
| TTT : prod_mod_c V nil
| CONSTR : forall b bs,
    M (V ** (fst b)) (snd b) -> prod_mod_c V bs -> prod_mod_c V (b::bs).

Now, for a list l : [[T] * T], if M is equipped with a module structure over a monad P,
we equip the map fun V => prod_mod_c V l with a module structure. Its substitution
is given by a function pm_mkl, which is defined by recursion on the argument of type
prod_mod_c ..., applying the module substitution of M in each component:

Fixpoint pm_mkl l V W (f : V ---> P W) (X : prod_mod_c M V l) :
    prod_mod_c M W l :=
  match X in prod_mod_c _ _ l return prod_mod_c M W l with
  | TTT => TTT M W
  | CONSTR b bs elem elems => CONSTR (M:=M) (V:=W)
      (mkleisli (Module_struct := M) (lshift f) (snd b) elem)
      (pm_mkl f elems)
  end.

Proving its module property — by induction on the argument X — yields a module
prod_mod l for each list l : [[T] * T]. For $s = l \to t$, this defines the object function
of the functor $\mathrm{dom}(s)$. The object function of $\mathrm{cod}(s)$ is easy to define, since it simply
associates, to any monad P, the fibre module with respect to t of the tautological module
P. Again, this is defined more generally for any P-module M with codomain category
$\mathbf{Set}^T$. Putting both domain and codomain together, we associate, to any algebraic arity $s$
and any P-module M, a type of module morphisms

$\mathrm{dom}(s, M) \to \mathrm{cod}(s, M)$

as in Code 7.4 below. Note that M is later instantiated by the tautological P-module P.

7.4 Code (Representation of an Arity, Def. 3.25):

Variable M : Module P (ITYPE T).

Definition modhom_from_arity (ar : [[T] * T] * T) : Type :=
  Module_Hom (prod_mod M (fst ar)) (M [(snd ar)]).

where M [(s)] denotes the fibre of the module M over s. Finally a representation of a
signature S in a monad P is given by a module morphism for each arity $s$, i.e. by specifying
a function of type

$\forall s \in S,\ \mathrm{dom}(s,P) \to \mathrm{cod}(s,P) ,$

where P denotes the tautological P-module. Since the set of arities is indexed by the
target type of the arities, the representation structure is indexed as well:

7.5 Code (Representation of a Signature, Def. 3.25):

Variable P : Monad (ITYPE T).
Definition Repr_t (t : T) :=
  forall i : sig_index (S t), modhom_from_arity P ((sig i), t).
Definition Repr := forall t, Repr_t t.

We bundle the data and define a representation as a monad together with a representation
structure over this monad¹:

Record Representation := {
  rep_monad :> Monad (ITYPE T);
  repr : Repr rep_monad }.

¹ Here an example of coercion occurs. The special notation :> allows us to omit the projection rep_monad
when accessing the monad which underlies a given representation R. We can hence also write R x for
the value of the monad of R on an object x of the underlying category.
7.1.2.2. Morphisms of Representations

The carrier of the domain module $\mathrm{dom}(s, P) = \prod_i P^{\mathbf{s}_i}_{t_i}$ of a representation (cf. Disp. (7.1.1))
is defined as an inductive type. This suggests the use of structural recursion for defining
the left vertical morphism of the commutative diagram of Disp. (7.1.1). Given a monad
morphism $f : P \to Q$, we apply $f$ to every component of $\prod_i P^{\mathbf{s}_i}_{t_i}$:

Fixpoint Prod_mor_c (l : [[T] * T]) (V : ITYPE T) (X : prod_mod P l V) :
    f* (prod_mod Q l) V :=
  match X in prod_mod_c _ _ l return f* (prod_mod Q l) V with
  | TTT => TTT
  | CONSTR b bs elem elems =>
      CONSTR (f elem) (Prod_mor_c elems)
  end.

This function is easily proved to be a morphism of P-modules

$\mathrm{dom}(s,f) := \mathrm{Prod\_mor} : \prod_i P^{\mathbf{s}_i}_{t_i} \to f^*\prod_i Q^{\mathbf{s}_i}_{t_i} .$

We thus are able to avoid mentioning all those trivial isomorphisms in the definition of 
the arrow map of the functor dom(s) that are present in the diagram of Disp. (7.1.2). 

The codomain arrow $\mathrm{cod}(s,f) = f_t$ is obtained by taking the fibre module of the
module morphism induced by $f$, cf. Sect. 2.2.2. The Coq function PbMod_ind_Hom,
which associates to any monad morphism the induced module morphism, can even be
declared as a coercion

Coercion PbMod_ind_Hom : Monad_Hom >-> mor.

such that the abuse of notation introduced in the informal Def. 2.52 has a counterpart in 
the formal development. 

The isomorphism in the lower right corner however remains in the formalization,
appearing as ITPB_FIB. Its underlying family of morphisms, however, is simply a family
of identity functions. For an arity a and module morphisms RepP and RepQ representing
this arity in monads P and Q respectively, the definition of the commutative diagram
reads as follows:

7.6 Code (Commutative Diagram for Representation Morphism, Def. 3.26):

Definition commute f RepP RepQ : Prop :=
  RepP ;; f [(snd a)] == Prod_mor (fst a) ;; f* RepQ ;; ITPB_FIB f _ _ .

A morphism of representations from P to Q of the signature S is just a monad morphism 
from P to Q together with the commutativity property for each arity. More precisely, 
since arities are indexed by their target type, we have a commutative diagram for any 
object type t : T and each arity (index) i in the indexing set of S t: 
7.7 Code (Morphism of representations, Def. 3.26):

Variables P Q : Representation S.

Class Representation_Hom_struct (f : Monad_Hom P Q) :=
  repr_hom_s : forall t (i : sig_index (S t)), commute f (repr P i) (repr Q i).

Record Representation_Hom : Type := {
  repr_hom_c :> Monad_Hom P Q;
  repr_hom :> Representation_Hom_struct repr_hom_c }.

As mentioned in Sect. 3.2.2, representations of S and their morphisms form a category
REPRESENTATION S. Composition of morphisms of representations is defined by composing the
underlying monad morphisms:

Program Instance Rep_comp_struct :
  Representation_Hom_struct (Monad_Hom_comp f g).

where the commutation property is proved by some tactic defined beforehand. Ac- 
cordingly, the identity morphism of representations is built upon the identity monad 
morphism: 

Program Instance Rep_Id_struct :
  Representation_Hom_struct (Monad_Hom_id P).

Since equality on morphisms of representations is defined as equality of the underlying 
monad morphisms, the properties of composition necessary for representations to form 
a category are a consequence of those for the category MONAD (ITYPE T). The 
construction of the initial representation (and hence the proof of Thm. 3.28) is explained 
in the next section. 

7.2. Construction of the Initial Object 

The initial object of the category of representations of the signature S is constructed in 
several steps: 

1. the syntax associated to S as an inductive data type STS, 

2. definition of a monad structure STS_Monad on said data type,

3. construction of the representation structure STSRepr on STS_Monad,

4. for any representation R, construction of morphism init R from STSRepr to R, 

5. uniqueness of init R for any representation R. 

7.2.1. The Terms Generated by a Signature 

The first step is to define a map STS : ITYPE T -> ITYPE T — the monad carrier
— mapping each type family V of variables to the type family of terms with free variables
in V. Since objects of ITYPE T really are dependent Coq types (cf. Code 6.5), this
map is implemented as a Coq inductive family of types, parametrized by a context and
dependent on object types. Apart from the use of dependent types, the "data" parts of
this section could indeed be done in any programming language featuring inductive
types.

Mutual induction is used, defining at the same time a type STS_list of heterogeneous
lists of terms, yielding the arguments to the constructors of S. This list type is indexed by
arities, such that the constructors can be fed with precisely the right kind of arguments.

7.8 Code (Terms of the Initial Representation):

Inductive STS (V : ITYPE T) : ITYPE T :=
| Var : forall t, V t -> STS V t
| Build : forall t (i : sig_index (S t)), STS_list V (sig i) -> STS V t
with
STS_list (V : ITYPE T) : [[T] * T] -> Type :=
| TT : STS_list V nil
| constr : forall b bs,
    STS (V ** (fst b)) (snd b) -> STS_list V bs -> STS_list V (b::bs).

The constructor Build takes 3 arguments: 

• an object type t indicating its output type, 

• an arity i (resp. its index) from the set of indices with output type t and 

• a term of type STS_list V (sig i) carrying the subterms of the term to construct.

Note that Coq typing ensures the correct typing of all constructible terms of STS, a
technique called intrinsic typing. The Scheme command generates a mutual induction
scheme for the defined pair of types. The latter type is actually isomorphic to the type
prod_mod_c STS. This duplication of data could hence have been avoided by defining
a nested inductive type as follows, instead of using mutual induction.

Inductive STS (V : ITYPE T) : ITYPE T :=
| Var : forall t, V t -> STS V t
| Build : forall t (i : sig_index (S t)), prod_mod_c STS V (sig i) -> STS V t.

However, we use the mutual inductive version because it allows us to define functions 
on those types by mutual recursion rather than by nested recursion; the latter are 
significantly more difficult to reason about. 

7.2.2. Monad Structure on the Set of Terms 

We continue by defining a monad structure on the map STS. Again, due to our choice of
implementing sets as Coq types (cf. Code 6.5), the maps we need really are Coq functions.
As in the special case of ULC (cf. Ex. 2.36) and TLC (cf. Ex. 2.37), the monadic map $\eta$
is given by the variable-as-term constructor Var. The substitution map subst is defined
using two helper functions rename (providing functoriality, cf. Rem. 2.66) and shift
(used when substituting under binders, cf. Ex. 2.74). Renaming and substitution are
implemented using mutual recursion on the mutually inductive data types STS and
STS_list:

Fixpoint rename V W (f : V ---> W) t (v : STS V t) :=
  match v in STS _ t return STS W t with
  | Var t v => Var (f t v)
  | Build t i l => Build (i:=i) (list_rename l f)
  end
with
list_rename V t (l : STS_list V t) W (f : V ---> W) : STS_list W t :=
  match l in STS_list _ t return STS_list W t with
  | TT => TT W
  | constr b bs elem elems =>
      constr (elem //- (f ^^ (fst b)))
             (elems //-- f)
  end
where "x //- f" := (rename f x)
and "x //-- f" := (list_rename x f).

(* a lot more code *)

Fixpoint subst (V W : ITYPE T) (f : V ---> STS W) t (v : STS V t) :
    STS W t := match v in STS _ t return STS W t with
  | Var t v => f t v
  | Build t i l => Build (l >>== f)
  end
with
list_subst V W t (l : STS_list V t) (f : V ---> STS W) : STS_list W t :=
  match l in STS_list _ t return STS_list W t with
  | TT => TT W
  | constr b bs elem elems =>
      constr (elem >== (lshift _ f)) (elems >>== f)
  end
where "x >== f" := (subst f x)
and "x >>== f" := (list_subst x f).
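As an added, self-contained illustration that is not code from the thesis or its Coq library: the list-based signature of Code 7.2 and 7.3, the intrinsically typed terms of Code 7.8 and renaming by mutual recursion as above, written out for a current Coq release (assumed: Coq 8.10 or later, where implicit arguments are omitted from patterns). The names T, Base, Arr, opt, opt_map, id_Base, weaken_Base and ill_typed are this example's own; the Fail command exhibits the rejection of an ill-typed term that intrinsic typing guarantees.

```coq
(* Object types: one base type and function types (the T of Code 7.3). *)
Inductive T : Type := Base : T | Arr : T -> T -> T.
Notation "s ~> t" := (Arr s t) (at level 60, right associativity).

(* Code 7.2: per target type t, an indexed set of arities (bound types, argument type). *)
Record Signature_t (t : T) : Type := {
  sig_index : Type ;
  sig : sig_index -> list (list T * T) }.
Arguments sig_index {t} _.
Arguments sig {t} _ _.
Definition Signature := forall t, Signature_t t.

(* Code 7.3: abstraction and application of the simply-typed lambda calculus. *)
Inductive TLC_index : T -> Type :=
| TLC_abs : forall s t : T, TLC_index (s ~> t)
| TLC_app : forall s t : T, TLC_index t.

Definition TLC_arguments (t : T) (r : TLC_index t) : list (list T * T) :=
  match r with
  | TLC_abs s u => (s :: nil, u) :: nil               (* one argument, binding an s *)
  | TLC_app s u => (nil, s ~> u) :: (nil, s) :: nil   (* function, then argument *)
  end.

Definition TLC_sig : Signature :=
  fun t => @Build_Signature_t t (TLC_index t) (TLC_arguments t).

(* Context extension: V plus one fresh variable of type u; iterated, the thesis's V ** l. *)
Inductive opt (u : T) (V : T -> Type) : T -> Type :=
| none : opt u V u
| some : forall t, V t -> opt u V t.
Arguments none {u V}. Arguments some {u V t} _.
Fixpoint pow (l : list T) (V : T -> Type) : T -> Type :=
  match l with
  | nil => V
  | u :: l' => pow l' (opt u V)
  end.

(* Code 7.8: intrinsically typed terms over S; argument lists are indexed by their arity. *)
Inductive STS (S : Signature) (V : T -> Type) : T -> Type :=
| Var : forall t, V t -> STS S V t
| Build : forall t (i : sig_index (S t)), STS_list S V (sig (S t) i) -> STS S V t
with STS_list (S : Signature) (V : T -> Type) : list (list T * T) -> Type :=
| TT : STS_list S V nil
| constr : forall b bs,
    STS S (pow (fst b) V) (snd b) -> STS_list S V bs -> STS_list S V (b :: bs).
Arguments Var {S V t} _. Arguments Build {S V t} _ _.
Arguments TT {S V}. Arguments constr {S V b bs} _ _.

(* Functoriality of context extension (typed analogue of pow_map, Code 8.2). *)
Definition opt_map {u V W} (f : forall t, V t -> W t) (t : T) (x : opt u V t)
  : opt u W t :=
  match x in opt _ _ t0 return opt u W t0 with
  | none => none
  | some v => some (f _ v)
  end.
Fixpoint pow_map (l : list T) {V W} (f : forall t, V t -> W t)
  : forall t, pow l V t -> pow l W t :=
  match l as l0 return forall t, pow l0 V t -> pow l0 W t with
  | nil => f
  | u :: l' => pow_map l' (opt_map (u := u) f)
  end.

(* Renaming by mutual recursion (Sect. 7.2.2); under a binder, f is extended by pow_map. *)
Fixpoint rename {S V W} (f : forall t, V t -> W t) (t : T) (v : STS S V t)
  {struct v} : STS S W t :=
  match v in STS _ _ t0 return STS S W t0 with
  | Var x => Var (f _ x)
  | Build i args => Build i (list_rename f _ args)
  end
with list_rename {S V W} (f : forall t, V t -> W t) (l : list (list T * T))
  (args : STS_list S V l) {struct args} : STS_list S W l :=
  match args in STS_list _ _ l0 return STS_list S W l0 with
  | TT => TT
  | @constr _ _ b bs e es =>
      constr (rename (pow_map (fst b) f) _ e) (list_rename f _ es)
  end.

(* lambda x : Base. x, of type Base ~> Base; its bound variable is the fresh none. *)
Definition id_Base (V : T -> Type) : STS TLC_sig V (Base ~> Base) :=
  @Build TLC_sig V (Base ~> Base) (TLC_abs Base Base)
    (@constr TLC_sig V (Base :: nil, Base) nil
       (@Var TLC_sig (opt Base V) Base none) TT).

(* Intrinsic typing: the body has type Base but the arity demands Base ~> Base. *)
Fail Definition ill_typed (V : T -> Type) : STS TLC_sig V (Base ~> Base ~> Base) :=
  @Build TLC_sig V (Base ~> Base ~> Base) (TLC_abs Base (Base ~> Base))
    (@constr TLC_sig V (Base :: nil, Base ~> Base) nil
       (@Var TLC_sig (opt Base V) Base none) TT).

(* Weakening is a renaming; on the closed identity it computes to the identity again. *)
Definition weaken_Base (V : T -> Type) : forall t, V t -> opt Base V t :=
  fun t x => some x.
Example rename_id_Base (V : T -> Type) :
  rename (weaken_Base V) _ (id_Base V) = id_Base (opt Base V).
Proof. reflexivity. Qed.
```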

The monadic properties that the substitution should satisfy are similar to the lemmas
one would prove in order to establish "program correctness". As an example, the third
monad law reads as

Lemma subst_subst V t (v : STS V t) W X (f : V ---> STS W)
      (g : W ---> STS X) :
  v >== f >== g = v >== f;; subst g.
Proof.
  apply (@STS_ind
    (fun (V : T -> Type) (t : T) (v : STS V t) => forall (W X : T -> Type)
      (f : V ---> STS W) (g : W ---> STS X),
      v >== f >== g = v >== (f;; subst g))
    (fun (V : T -> Type) l (v : STS_list V l) =>
      forall (W X : T -> Type)
      (f : V ---> STS W) (g : W ---> STS X),
      v >>== f >>== g = v >>== (f;; subst g)));
  t5.
Qed.

Its proof script is a typical example; most of those lemmas are proved using the induction
scheme STS_ind — instantiated with suitable properties — followed by a single custom
tactic which finishes off the resulting subgoals, mainly by rewriting with equalities proved
beforehand. After a quite lengthy series of lemmas we obtain that the function subst and
the variable-as-term constructor Var turn STS into a monad:

Program Instance STS_monad : Monad_struct STS := {
  weta := Var ;
  kleisli := subst }.

7.2.3. A Representation in the Monad of Terms 

The representational structure on STS is defined using the Build constructor. For each
arity i in the index set sig_index (S t), we must give a morphism of modules from
prod_mod STS (sig i) to STS [(t)]. Since the constructor Build takes its argument
from STS_list and not from the isomorphic prod_mod STS, we precompose with one
of the isomorphisms between those two types:

Program Instance STS_arity_rep (t : T) (i : sig_index (S t)) :
  Module_Hom_struct
    (S := prod_mod STS (sig i)) (T := STS [(t)])
    (fun V X => Build (STSl_f_pm X)).

The only property to verify is the compatibility of this map with the module substitution,
which we happily leave to Coq. We obtain a representation of S:

Definition STSRepr : REPRESENTATION S := Build_Representation (@STS_repr).
7.2.4. Weak Initiality for the Representation in the Term Monad

In the introduction, we gave the equations that a morphism of representations of the 
natural numbers should satisfy. Reading those equations as a rewrite system from left 
to right yields a way to define iterative functions on the natural numbers. This idea 
is also used in order to define a morphism from STSRepr to any representation R of 
the signature S: a term of STS, whose root is a constructor Build t i for some object 
type t and an arity i, is mapped recursively to the image — of the recursively computed 
argument — under the corresponding representation repr R i of R. This definition for 
a morphism of representations will turn out to be the only one possible, leading to 
uniqueness. Formally, the carrier init of what will be the initial morphism from STSRepr 
to R is defined as a mutually recursive Coq function: 

Fixpoint init V t (v : STS V t) : R V t :=
  match v in STS _ t return R V t with
  | Var t v => weta (Monad_struct := R) V t v
  | Build t i X => repr R i V (init_list X)
  end
with
init_list l (V : ITYPE T) (s : STS_list V l) : prod_mod R l V :=
  match s in STS_list _ l return prod_mod R l V with
  | TT => TTT
  | constr b bs elem elems =>
      CONSTR (init elem) (init_list elems)
  end.

where the function init_list applies init to (heterogeneous) lists of arguments. We have
to show that this function is a morphism of monads and a morphism of representations. A
series of lemmas shows that init commutes with renaming resp. lifting (init_lift), shifting
(init_shift) and substitution (init_kleisli):

Lemma init_lift V t x W (f : V ---> W) : init (x //- f) = lift f t (init x).

Lemma init_shift a V W (f : V ---> STS W) : forall (t : T) (x : opt a V t),
  init (x >>- f) = x >>- (f ;; @init _).

Lemma init_kleisli V t (v : STS V t) W (f : V ---> STS W) :
  init (v >== f) = kleisli (f ;; @init _) t (init v).

The latter property is precisely one of the axioms of morphisms of monads (cf. Def. 3.12,
rectangular diagram). The second monad morphism axiom which states compatibility
with the $\eta$s of the monads involved is fulfilled by definition of init — it is exactly the
first branch of the pattern matching by which the function init is defined. We hence have
established that init is (the carrier of) a morphism of monads:

Program Instance init_monadic : Monad_Hom_struct (P:=STSM) init.
Definition init_mon := Build_Monad_Hom init_monadic.

Much less work is then needed to show that init also is a morphism of representa-
tions:

Program Instance init_representic : Representation_Hom_struct init_mon.

7.2.5. Uniqueness and Initiality 

Uniqueness of the morphism of representations init_rep (obtained from packaging
init_representic into a record instance) is expressed by the following lemma:

Lemma init_unique : forall f : STSRepr ---> R, f == init_rep.

Instead of directly proving the lemma, we prove at first an unfolded version which allows
to directly apply the mutual induction scheme STS_ind:

Variable f : Representation_Hom STSRepr R.
Hint Rewrite one_way : fin.
Ltac ttt := tt;
  (try match goal with [t:T, s : STS_list _ _ |- _] => rewrite <- (one_way s);
     let H:=fresh in assert (H:=repr_hom f (t:=t));
     unfold commute in H; simpl in H end);
  repeat (app (mh_weta f) || tinv || tt).

Lemma init_unique_prepa V t (v : STS V t) : f V t v = init v.
Proof.
  apply (@STS_ind
    (fun V t v => f V t v = init v)
    (fun V l v => Prod_mor f l V (pm_f_STSl v) = init_list v));
  ttt.
Qed.

Finally we declare an instance of the Initial type class for the category of representations 
REPRESENTATION S with STSRepr as initial object and init_rep R as the initial 
morphism towards any other representation R. 

7.9 Code (Instance of Initial for Category of Representations):

Program Instance STS_initial : Initial (REPRESENTATION S) := {
  Init := STSRepr ;
  InitMor R := init_rep R }.

In this instance declaration, the proof field InitMorUnique is filled automatically by the 
Program feature, using the preceding lemma init_unique. 
7.3. Remarks

The nature of the theorem made it convenient for computer theorem proving: the proofs 
are straightforward, carrying no surprises. Moreover, they are highly technical using 
(mutual) induction, something Coq offers good support for. 

Some aspects remain unsatisfactory: using type classes and records simultaneously 
is at least confusing for the reader, even if there are reasons from the implementor's 
point of view to do so. Also, the weak support for nested induction in Coq obliged us to 
use mutual induction instead, leading to some duplication of data and hence another 
unnecessary source of confusion. Other aspects, such as the implementation of syntax 
in an efficient way, i.e. without any extrinsic typing device, could be done due to Coq's 
good support for dependent types. 

According to coqwc² the Coq files that are specific to the proved theorem consist of
approximately 400 lines of specification and 600 lines of proof. The proofs are done in a
semi-automated way, employing a proof style promoted by Chlipala in his online book
[Chl], as well as in a published user tutorial [Chl10]. An earlier version using a more
standard proof style included about 900 lines of proof. This reduction is mainly due to
the fact that proof automation also stimulates reuse of code - here reuse of proof code -
similarly to how polymorphism does for data structures and functions. However, we do
not claim to be experts in proof automation, nor do we have "one tactic to rule them all".



² The tool coqwc, part of the standard Coq tools, counts the number of lines in a Coq source file, classified
into the 3 categories specification, proof and comment.
Formalized



In this chapter we present the formalization in the proof assistant Coq of Thm. 4.34 
of Chapt. 4. We first define arities and 1-signatures in terms of lists. Afterwards we 
define representations for 1-arities and construct the initial such representation. We then 
formalize inequations over 1-signatures and construct, for any suitable 2-signature, the 
initial representation. Finally we show how to specify the untyped lambda calculus with 
beta reduction via a 2-signature. 

8.1. Arities by Lists 

According to Def. 4.1, a 1-signature consists of an indexing type and, for each index, a 
list of natural numbers, indicating the number of arguments of a constructor, as well as 
the number of variables bound in each argument. Formally, 1-signatures are an untyped 
version of Code 7.1. In the formalization they are simply called "signatures": 

8.1 Code (1-Signature, Def. 4.1):

Notation "[ T ]" := (list T) (at level 5).
Record Signature : Type := {
  sig_index : Type ;
  sig : sig_index -> [nat] }.

Next we formalize context extension according to a natural number, cf. Sect. 2.4.3. These
definitions are important for the definition of the module morphisms we associate to an
arity, cf. below. Context extension is actually functorial. Given a natural number n and a
set of variables V, we recursively define the set V ** n to be the set V enriched with n
additional variables.

8.2 Code (Adding fresh variables):

Fixpoint pow (n : nat) (V : TYPE) : TYPE :=
  match n with
  | 0 => V
  | S n' => pow n' (option V)
  end.
Notation "V ** n" := (pow n V) (at level 10).

Fixpoint pow_map (l : nat) V W (f : V ---> W) :
    V ** l ---> W ** l :=
  match l return V ** l ---> W ** l with
  | 0 => f
  | S n' => pow_map (^ f)
  end.

Notation "f ^^ l" := (pow_map (l:=l) f) (at level 10).



8.2. Representations of a 1-Signature 

Given a classic arity $s$, i.e. a list of natural numbers (cf. Code 8.1), and a relative
monad P on the functor $\Delta$, we define the product module $P^s$ as in Rem. 4.9. More
generally we define $M^s$ for any P-module M with codomain $\mathbf{Pre}$. Analogously to the
implementation of Chapt. 7, we build this module from scratch instead of relying on the
category-theoretic constructions such as product and derivation functor for the module
categories, allowing us to omit the insertion of isomorphisms in the style of Lem. 2.106
and 2.107. Given any module M over a monad P from sets to preordered sets, we define
the product type prod_mod_c as a dependent type parametrized by a set of variables
and dependent on a list of naturals. Actually we define at first the carrier depending not
on a module, but just on a carrier function M. The relation on the product is induced by
that on M.

8.3 Code (Product Module, Carrier map):

Variable M : TYPE -> Ord.

Inductive prod_mod_c (V : TYPE) : [nat] -> Type :=
| TTT : prod_mod_c V nil
| CONSTR : forall b bs,
    M (V ** b) -> prod_mod_c V bs -> prod_mod_c V (b::bs).
Notation "a -:- b" := (CONSTR a b) (at level 60).

Inductive prod_mod_c_rel (V : TYPE) : forall n, relation (prod_mod_c M V n) :=
| TTT_rel : forall x y : prod_mod_c M V nil, prod_mod_c_rel x y
| CONSTR_rel : forall n l, forall x y : M (V ** n),
    forall a b : prod_mod_c M V l, x << y ->
    prod_mod_c_rel a b -> prod_mod_c_rel (x -:- a) (y -:- b).

Note that the infixed "<<" is overloaded notation and denotes the relation of any
preordered set. For any given list a of naturals and any set V of variables, the set
prod_mod_c V a equipped with the relation prod_mod_c_rel V a is in fact a pre-
ordered set. For the proof of transitivity we rely on the Coq tactic dependent induction,
thus on the axioms

JMeq.JMeq_eq : forall (A : Type) (x y : A), x ~= y -> x = y

Eqdep.Eq_rect_eq.eq_rect_eq : forall (U : Type) (p : U)
    (Q : U -> Type) (x : Q p)
    (h : p = p), x = eq_rect p Q x p h

from the Coq standard library.

Now, if M is not just a map of type TYPE -> Ord, but a module over some relative
monad P over Delta, we equip the product map with a modulic substitution in form of a
recursive function:

8.4 Code (Product module, substitution):

Variable M : RMOD P Delta.

Fixpoint pm_mkl l V W (f : Delta V ---> P W)
    (X : prod_mod_c (fun V => M V) V l) : prod_mod_c _ W l :=
  match X in prod_mod_c _ l return prod_mod_c (fun V => M V) W l
  with
  | TTT => TTT _ W
  | elem -:- elems =>
      rmkleisli (RModule_struct := M) (lshift _ f) elem -:- pm_mkl f elems
  end.
(* ... *)

Definition prod_mod (a : [nat]) := Build_RModule (prod_mod_struct a).

Afterwards we prove by induction that this map is indeed monotone with respect to the
preorder defined in Code 8.3. Altogether, Code 8.3 and 8.4 define a module prod_mod
M l for any module M : RMOD P Ord and any list of naturals l.

To any arity ar : [nat] and a module M over a monad P we associate a type of module
morphisms modhom_from_arity ar M. Representing ar in M then means giving a term
of type modhom_from_arity ar M. Note that in the corresponding Def. 4.13 we have
defined representations in monads only. Indeed we instantiate M with the tautological
module later.

8.5 Code (Type of Representations of an Arity, Def. 4.13):

Variable P : RMonad Delta.

Definition modhom_from_arity (M : RModule P Ord) (ar : [nat]) : Type :=
  RModule_Hom (prod_mod M ar) M.

For the rest of the section, we suppose a signature S to be given via a Coq section
variable, Variable S : Signature. As just mentioned, representing the signature S in a
monad P (cf. Def. 4.14) means providing a suitable module morphism for any arity
of S, i.e. providing, for any element i of the indexing set sig_index S, a term of type
modhom_from_arity P (sig i):

8.6 Code (Representation of 1-Signature, Def. 4.14):

Definition Repr (P : RMonad Delta) :=
  forall i : sig_index S, modhom_from_arity P (sig i).

Record Representation := {
  rep_monad :> RMonad Delta ;
  repr : Repr rep_monad }.

The projection rep_monad is declared as a coercion by using the special syntax :>. This
coercion allows for abuse of notation in Coq as we do informally according to Def. 4.14.
See the first paragraph of Sect. 8.6 for a use of this abuse.

8.3. Morphisms of Representations 

A morphism of representations from P to Q is given by a monad morphism $f : P \to Q$
between the underlying monads such that a diagram commutes for any arity, cf. Def. 4.17.
The main task in the implementation is to define this diagram for a given arity $l$, and,
more specifically, the left vertical morphism

$\mathrm{dom}(l,f) = f^l : P^l \to f^*Q^l ,$

using the notation of Rem. 4.9. Since $P^l$ is defined as an inductive type, it makes sense to
define $f^l$ by recursion on the inductive type underlying $P^l$, named prod_mod_c P V l
(cf. Code 8.3):

8.7 Code (Carrier of Domain Module Morphism of Def. 4.17):

Variables P Q : RMonad Delta.
Variable f : RMonad_Hom P Q.

Fixpoint Prod_mor_c (l : [nat]) (V : TYPE) (X : prod_mod_c (fun V => P V) V l) :
    (prod_mod_c _ V l) :=
  match X in prod_mod_c _ _ l
  return f* (prod_mod Q l) V with
  | TTT => TTT
  | elem -:- elems => f _ elem -:- Prod_mor_c elems
  end.

Proving this map monotone is a simple exercise, as well as its commutation property
with substitution, yielding the aforementioned module morphism. Now we have all
the ingredients we need in order to define the diagram of Def. 4.17. For an arity a the
diagram reads as follows:

8.8 Code (Commutative Diagram of Def. 4.17):

Variable a : [nat].
Variable RepP : modhom_from_arity P a.
Variable RepQ : modhom_from_arity Q a.

Notation "f * M" := (# (PbRMOD f _ ) M).

Definition commute := Prod_mor a ;; f * RepQ == RepP ;; f".

Here f " denotes the module morphism induced by a monad morphism, cf. Def. 2.100. 
Using the preceding definition, we define morphisms of representations of S: 

8.9 Code (Morphism of Representations, Def. 4.17):

Variables P Q : Representation.

Class Representation_Hom_struct (f : RMonad_Hom P Q) :=
  repr_hom_s : forall i : sig_index S,
    commute f (repr P i) (repr Q i).
Record Representation_Hom : Type := {
  repr_hom_c :> RMonad_Hom P Q;
  repr_hom :> Representation_Hom_struct repr_hom_c }.



8.4. Category of Representations 

In this section we describe in more detail the category of representations of a 1-signature,
cf. Def. 4.19. The composition of morphisms of representations $f : P \to Q$ and $g : Q \to R$
is essentially done by composing the underlying monad morphisms. One has to show
that this morphism does indeed commute with the representation morphisms of P and
R. Similarly, the identity monad morphism of (the monad underlying) a representation
P yields a morphism of representations. Fed with some suitable lemma, the Program
framework does the job for us:

8.10 Code (Composition and Identity of Representations):

Variables P Q R : Representation S.
Variable f : Representation_Hom P Q.
Variable g : Representation_Hom Q R.
Program Instance Rep_comp_struct :
  Representation_Hom_struct (RMonad_comp f g).
Program Instance Rep_Id_struct : Representation_Hom_struct (RMonad_id P).
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Since equality of morphisms of representations is defined as equality of the underlying 
monad morphisms, the categorical properties of compositition are established already as 
part of the definition of the category RMONAD F for any functor F. 

8.11 Code (Category of Representations, Def. 4.19):

Program Instance REP_struct : Cat_struct (@Representation_Hom S) := {
  mor_oid a c := eq_Rep_oid a c;
  id a := Rep_id a;
  comp P Q R f g := Rep_comp f g }.
Definition REP := Build_Cat REP_struct.



8.5. Initiality without Inequations 

We construct the initial object of the category REP (cf. Code 8.11). In the informal proof
of Lem. 4.21 this initial object is the image under a left adjoint of the initial object in a
category of representations as defined in Sect. 3.2 with the set of object sorts T = {*}.
For the formal proof we decide to implement the initial object of REP directly, in order
to obtain a compact formalization. However, the initial object is constructed in a way
similar to that of Chapt. 7. The carrier of the initial representation is just a simplified —
because untyped — version of Code 7.8. The only significant difference to Chapt. 7 is
that we equip the set of terms with the trivial diagonal preorder by applying the functor
Δ, in Coq called Delta:

8.12 Code:

Inductive UTS (V : TYPE) : TYPE :=
  | Var : V -> UTS V
  | Build : forall (i : sig_index S), UTS_list V (sig i) -> UTS V
with
 UTS_list (V : TYPE) : [nat] -> Type :=
  | TT : UTS_list V nil
  | constr : forall b bs,
      UTS (V ** b) -> UTS_list V bs -> UTS_list V (b::bs).
Notation "a -::- b" := (constr a b).
Definition UTS_sm V := Delta (UTS V).

We define renaming and, built on top of renaming, substitution: 

Fixpoint rename (V W : TYPE) (f : V -> W) (v : UTS V) :=
  match v in UTS _ return UTS W with
  | Var v => Var (f v)
  | Build i l => Build (l //-- f)
  end
with
 list_rename V t (l : UTS_list V t) W (f : V -> W) : UTS_list W t :=
  match l in UTS_list _ t return UTS_list W t with
  | TT => TT W
  | constr b bs elem elems => elem //- (f ^^ b) -::- elems //-- f
  end
where "x //- f" := (rename f x)
and "x //-- f" := (list_rename x f).

Fixpoint subst (V W : TYPE) (f : V -> UTS W) (v : UTS V) : UTS W :=
  match v in UTS _ return UTS _ with
  | Var v => f v
  | Build i l => Build (l >>== f)
  end
with
 list_subst V W t (l : UTS_list V t) (f : V -> UTS W) : UTS_list W t :=
  match l in UTS_list _ t return UTS_list W t with
  | TT => TT W
  | elem -::- elems => elem >== lshift f -::- elems >>== f
  end
where "x >== f" := (subst f x)
and "x >>== f" := (list_subst x f).

Accordingly, the definition of a monadic structure on V ↦ Δ UTS(V) differs from the
monad STS of Sect. 7.2 only in the occasional use of the functor Δ (Delta) on
the morphisms — corresponding to the definition of the left adjoint for Lem. 4.5:

8.13 Code (Relative Monad Freely Generated by 1-Signature):

Program Instance UTS_sm_rmonad : RMonad_struct Delta UTS_sm := {
  rweta c := #Delta (@Var c);
  rkleisli a b f := #Delta (subst f) }.
Canonical Structure UTSM := Build_RMonad UTS_sm_rmonad.

The monad UTSM is easily equipped with a representation of the signature S; the carrier
of the representation of i : sig_index S is given by the function

fun (X : prod_mod_c _ V (sig i)) => Build (i:=i) (UTSl_f_pm (V:=V) X)

that is, by the constructor Build i of the type UTS, precomposed with an isomorphism
UTSl_f_pm from prod_mod_c UTS to UTS_list. We thus obtain a representation
UTSRepr of the signature S.

Given another representation, say, R, of S, the morphism init from UTSRepr to R is
defined by recursion:

Fixpoint init V (v : UTS V) : R V :=
  match v in UTS _ return R V with
  | Var v => rweta (RMonad_struct := R) V v
  | Build i X => repr R i V (init_list X)
  end
with
 init_list l (V : TYPE) (s : UTS_list V l) : prod_mod R l V :=
  match s in UTS_list _ l return prod_mod R l V with
  | TT => TTT
  | elem -::- elems => init elem -:- init_list elems
  end.

This map init is compatible with lifting and substitution in UTSM and R, respectively:

Lemma init_lift V x W (f : V -> W) :
  init (x //- f) = rlift R f (init x).

Lemma init_kleisli V (v : UTS V) W (f : Delta V -> UTS_sm W) :
  init (v >== f) = rkleisli (f ;; @init_sm W) (init v).

where init_sm W is the (trivially) monotone version of init W — the adjunct of init W
under the adjunction of Lem. 2.18. The latter of those lemmas constitutes an important
part of the proof that init is the carrier of a module morphism from UTSM to R. It is trivial
to prove that init is also compatible with the representation structure of UTSRepr and R,
thus the carrier of a morphism of representations called init_rep : UTSRepr → R.

Afterwards uniqueness of init_rep is proved:

Lemma init_unique : forall f : UTSRepr -> R, f == init_rep.

Finally we establish initiality by an instance declaration of the corresponding class:

Program Instance UTS_initial : Initial (REP S) := {
  Init := UTSRepr ;
  InitMor R := init_rep R }.

8.6. Inequations and Initial Representation of a 2-Signature

For a 1-signature S, an S-module is defined to be a functor from representations of
S to the category whose objects are pairs of a monad P and a module M over P, cf.
Def. 4.22. We do not need the functor properties, and use dependent types instead of the
cumbersome category of pairs, in order to ensure that a representation in a monad P is
mapped to a P-module.

The below definition makes use of two coercions. Firstly, we may write a : C because
the "object" projection of the category record (cf. Code 6.3) is declared as a coercion.
Secondly, the monad underlying any representation can be accessed without explicit
projection using the coercion in Code 8.6 we mentioned above.

Record S_Module := {
  s_mod :> forall R : REP S, RMOD R wOrd ;
  s_mod_hom :> forall (R T : REP S) (f : R -> T),
      s_mod R -> PbRMod f (s_mod T) }.

Notation "U @ f" := (s_mod_hom U f) (at level 4).

Note that we write U@f for the image of the morphism of representations f under the 
S-module U. Source and target module of f are implicit arguments in this application. 

A half-equation is a natural transformation between S-modules. We need the naturality 
condition in the following. Since we have not formalized S-modules as functors, we have 
to state naturality explicitly: 

8.14 Code (Half-Equation, Def. 4.22):

Class half_equation_struct (U V : S_Module)
    (half_eq : forall R : REP S, U R -> V R) := {
  comm_eq_s : forall (R T : REP S) (f : R -> T),
     U @ f ;; PbRMod_Hom _ (half_eq T) == half_eq R ;; V @ f }.
Record half_equation (U V : S_Module) := {
  half_eq :> forall R : REP S, U R -> V R ;
  half_eq_s :> half_equation_struct half_eq }.

We now formalize classic S-modules. Any list of natural numbers uniquely specifies
a classic S-module, cf. Def. 4.26. Given a list of naturals codl, we call this S-module
S_Mod_classic codl. A classic half-equation is any half-equation with a classic codomain,
and a classic inequation is a pair of parallel classic half-equations (cf. Def. 4.33):

Definition half_eq_classic (U : S_Module) (codl : [nat]) :=
  half_equation U (S_Mod_classic codl).

Record ineq_classic := {
  Dom : S_Module ;
  Cod : [nat] ;
  eq1 : half_eq_classic Dom Cod ;
  eq2 : half_eq_classic Dom Cod }.

Given a representation P and a (classic) inequation e, we check whether P satisfies e by
pointwise comparison (cf. Def. 4.31):

Definition satisfies_ineq (e : ineq_classic) (P : REP S) :=
  forall c (x : Dom e P c),
    eq1 _ x << eq2 _ x.
(* for a family of inequations indexed by a set A *)
Definition Inequations (A : Type) := A -> ineq_classic.
Definition satisfies_ineqs A (T : Inequations A) (R : REP S) :=
  forall a, satisfies_ineq (T a) R.

We formalize sets of classic inequations as pairs of an indexing type A together with 
a term of type Inequations A, that is, a map from A to the type of classic inequations 
ineq_classic. The category of representations of (S,A) is obtained as a full subcategory 
of the category of representations of S. The following declaration produces a subcategory 
from predicates on the type of representations and on the (dependent) type of morphisms 
of representations, yielding the category PROP_REP of representations of (S,A):

Variable A : Type.
Variable T : Inequations A.

Program Instance Ineq_Rep : SubCat_compat (REP S)
    (fun P => satisfies_ineqs T P) (fun a b f => True).
Definition INEQ_REP : Cat := SubCat Ineq_Rep.

We now construct the initial object of INEQ_REP. The relation on the initial object is
defined precisely as in the paper proof, cf. Disp. (4.4.1):

Definition prop_rel_c X (x y : UTS S X) : Prop :=
  forall R : PROP_REP, init (FINJ _ R) x << init (FINJ _ R) y.

Here, FINJ _ R denotes the representation R as a representation of S, i.e. the injection
of R in the category REP S of representations of S. The relation defined above is indeed
a preorder, and we define the monad UTSP to be the monad whose underlying sets 
are identical to UTSM, namely the sets defined by UTS, but equipped with this new 
preorder. This monad UTSP is denoted by T, A in the paper proof. 

The representation module morphisms of the initial representation UTSRepr can 
be "reused" after having proved their compatibility with the new order, yielding a 
representation UTSProp. An important lemma states that this representation satisfies 
the inequations of T: 

Lemma UTSPRepr_sig_prop : satisfies_ineqs T UTSProp.

We have to explicitly inject the representation into the category of representations of 
(S,A): 

Definition UTSPROP : INEQ_REP :=
  exist (fun R : Representation S => satisfies_ineqs T R) UTSProp
        UTSPRepr_sig_prop.

For building the initial morphism towards any representation R : INEQ_REP, we first 
build the corresponding morphism in the category of representations of S : 
Definition init_prop_re : UTSProp -> (FINJ _ R) := ...

which we then inject, analogously to the initial representation, into the subcategory of 
representations of (S, A): 

Definition init_prop : UTSPROP -> R := exist _ (init_prop_re R) I.

Finally we prove Thm. 4.34: An initial object of a category is given by an object Init of
this category, a map associating to any object R a morphism InitMor R : Init → R,
and a proof of uniqueness of any such morphism. We instantiate the type class Initial for
the category INEQ_REP of representations of (S,A):

Program Instance INITIAL_INEQ_REP : Initial INEQ_REP := {
  Init := UTSPROP ;
  InitMor := init_prop ;
  InitMorUnique := init_prop_unique }.

We check its type after closing all the sections — and thus abstracting from the section
variables:

Check INITIAL_INEQ_REP.
INITIAL_INEQ_REP
     : forall (S : Signature) (A : Type) (T : Inequations S A),
       Initial (INEQ_REP (S:=S) (A:=A) T)

8.7. Λβ: Lambda Calculus with beta reduction

We implement the example 2-signature Λβ, cf. Ex. 4.38. Throughout this section, we
use a custom notation in Coq for the datatype of lists:

Notation "[[ x ; .. ; y ]]" := (cons x .. (cons y nil) ..).

In order to specify the 1-signature Λ (cf. Def. 4.11, Ex. 4.2), we first define an indexing
set Lambda_index consisting of two elements, ABS and APP. This indexing set reflects
the fact that the signature Λ consists of two arities. The record instance Lambda is a term
of type Signature (cf. Code 8.1). The map sig Lambda then associates the corresponding
lists of naturals to each of these elements, according to Ex. 4.2:

Inductive Lambda_index := ABS | APP.
Definition Lambda : Signature := {|
  sig_index := Lambda_index ;
  sig := fun x => match x with
                  | ABS => [[ 1 ]]
                  | APP => [[ 0 ; 0 ]]
                  end |}.
The definition of the inequation β (cf. Ex. 4.32) is a more challenging task, since a
half-equation is not just an element of a simple datatype like a 1-arity but given by
suitable module morphisms.

At first, we define the substitution of one variable (cf. Def. 4.27) as a half-equation.
The carrier subst_carrier of the substitution is defined as in Def. 2.110. Afterwards we
prove that this carrier satisfies the properties of a module morphism, that is, is compatible
with substitution in the source and target modules. After abstracting from the section
variable R, we obtain a function subst_module_mor which, given any representation R
of S, yields the substitution module morphism associated to (the monad underlying) R.

Variable S : Signature.
Variable R : REP S.
Definition subst_carrier :
  (forall c : TYPE, (S_Mod_classic_ob [[1; 0]] R) c ->
                    (S_Mod_classic_ob [[0]] R) c) := ...
Program Instance sub_struct : RModule_Hom_struct
    (M:=S_Mod_classic_ob [[1 ; 0]] R)
    (N:=S_Mod_classic_ob [[0]] R)
    subst_carrier.
Definition subst_module_mor := Build_RModule_Hom (sub_struct R).

The last step is to prove "naturality", that is, the commutativity of the family of diagrams
of Code 8.14. We recall that we do not implement S-modules as functors, but just as the
data part of functors. This is why we put the word naturality in quotes. After the proof
we define our first half-equation, subst_half_eq.

Program Instance subst_half_s : half_equation_struct
    (U:= S_Mod_classic [[1 ; 0]])
    (V:= S_Mod_classic [[0]])
    subst_module_mor.
Definition subst_half_eq := Build_half_equation subst_half_s.

The definition of the second half-equation of Ex. 4.28 is possible for any 1-signature
with abstraction and application, such as the 1-signature Λ. To keep the example simple,
we only define the half-equation for Λ. The needed steps are precisely the same as for
the substitution half-equation, so we just give the statements.

Definition beta_carrier :
  (forall c : TYPE, (S_Mod_classic_ob [[1; 0]] R) c ->
                    (S_Mod_classic_ob [[0]] R) c) := ...
Program Instance beta_struct : RModule_Hom_struct
    (M:=S_Mod_classic_ob [[1 ; 0]] R)
    (N:=S_Mod_classic_ob [[0]] R)
    beta_carrier.
Definition beta_module_mor := Build_RModule_Hom beta_struct.
Program Instance beta_half_s : half_equation_struct
    (U:=S_Mod_classic Lambda [[1 ; 0]])
    (V:=S_Mod_classic Lambda [[0]])
    beta_module_mor.
Definition beta_half_eq := Build_half_equation beta_half_s.

In the end we package both half-equations into one inequation specifying the beta rule
of Ex. 4.32.

Definition beta_rule : ineq_classic Lambda := {|
  eq1 := beta_half_eq ;
  eq2 := subst_half_eq Lambda |}.

We can now associate a short name to the category of representations of Λβ, where, for
increased clarity, we specify the implicit arguments:

Definition Lambda_beta_Cat := INEQ_REP
    (S:=Lambda) (A:=unit) (fun x : unit => beta_rule).

Note that our formal definition allows that an inequation appears multiple times in a
2-signature, whereas in the informal definition we have sets of inequations. Unlike
for arities, having several copies of the same inequation changes neither the resulting
category nor the initial object, of course. The initial representation is obtained via
the specification

Definition Lambda_beta := @Init _ _ _
    (INITIAL_INEQ_REP (fun x : unit => beta_rule)).
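As an added illustration of Sects. 8.5 to 8.7 (example code written for this page, not the thesis's Coq development), the following Python program implements the untyped terms freely generated by a 1-signature together with renaming, substitution and the iteration map init, and instantiates them at the signature Lambda with the two half-equations of beta_rule. Variables are de Bruijn indices, so V ** b is modelled by shifting indices by b; the representation FV (free variables ordered by reverse inclusion) is a constructed model, used to check satisfies_ineq for beta and Lemma init_kleisli on sample terms.

```python
from dataclasses import dataclass
from typing import Callable, Union

# A 1-signature (Code 8.1): each index names an arity, a list of naturals giving
# for every argument the number of variables it binds (Ex. 4.2).
Signature = dict[str, list[int]]
LAMBDA: Signature = {"ABS": [1], "APP": [0, 0]}

@dataclass(frozen=True)
class Var:
    idx: int          # de Bruijn index; V ** b is modelled by shifting indices by b

@dataclass(frozen=True)
class Build:
    ctor: str         # an element of sig_index S
    args: tuple       # args[k] is a term over V ** sig[ctor][k]

Term = Union[Var, Build]

def shift_ren(f: Callable[[int], int], b: int) -> Callable[[int], int]:
    """f ^^ b: the b freshest (bound) variables are fixed, the others renamed by f."""
    return lambda x: x if x < b else f(x - b) + b

def rename(sig: Signature, f: Callable[[int], int], v: Term) -> Term:
    """The Fixpoint rename: apply the renaming f : V -> W to every free variable."""
    if isinstance(v, Var):
        return Var(f(v.idx))
    return Build(v.ctor, tuple(rename(sig, shift_ren(f, b), a)
                               for a, b in zip(v.args, sig[v.ctor])))

def lshift(sig: Signature, f: Callable[[int], Term], b: int) -> Callable[[int], Term]:
    """lshift f: bound variables stay variables; the image of an old variable is
    renamed past the b new binders (substitution is built on top of renaming)."""
    return lambda x: Var(x) if x < b else rename(sig, lambda y: y + b, f(x - b))

def subst(sig: Signature, f: Callable[[int], Term], v: Term) -> Term:
    """The Fixpoint subst: simultaneous substitution f : V -> UTS W, written v >== f."""
    if isinstance(v, Var):
        return f(v.idx)
    return Build(v.ctor, tuple(subst(sig, lshift(sig, f, b), a)
                               for a, b in zip(v.args, sig[v.ctor])))

@dataclass
class Representation:
    """A representation of sig: rweta (var) and rkleisli (kleisli) of the relative
    monad, one module morphism per arity (repr) and the preorder on each R V (le)."""
    sig: Signature
    var: Callable
    kleisli: Callable
    repr: Callable
    le: Callable

def init(R: Representation, v: Term):
    """The iteration map (Fixpoint init of Sect. 8.5): structural recursion on v."""
    if isinstance(v, Var):
        return R.var(v.idx)
    return R.repr(v.ctor, [init(R, a) for a in v.args])

# A constructed model of Lambda: R V is the set of free variables of a term, ordered
# by reverse inclusion, so that a reduction step may only lose free variables.
def fv_repr(ctor: str, args: list) -> frozenset:
    if ctor == "ABS":
        (body,) = args                      # body lives over V ** 1
        return frozenset(x - 1 for x in body if x >= 1)
    left, right = args                      # APP
    return left | right

FV = Representation(
    sig=LAMBDA,
    var=lambda x: frozenset({x}),
    kleisli=lambda g, s: frozenset().union(*(g(x) for x in s)),
    repr=fv_repr,
    le=lambda s, t: s >= t,
)

# The two half-equations of beta_rule on the initial representation; both take an
# element (y over V ** 1, z over V) of S_Mod_classic [[1; 0]] to a term over V.
def beta_carrier(y: Term, z: Term) -> Term:
    return Build("APP", (Build("ABS", (y,)), z))

def subst_carrier(y: Term, z: Term) -> Term:
    """y[* := z]: substitute z for the freshest variable of y (Def. 4.27)."""
    return subst(LAMBDA, lambda x: z if x == 0 else Var(x - 1), y)

def satisfies_beta(R: Representation, y: Term, z: Term) -> bool:
    """satisfies_ineq for beta_rule, checked pointwise at one element (Def. 4.31)."""
    return R.le(init(R, beta_carrier(y, z)), init(R, subst_carrier(y, z)))

def init_kleisli_holds(R: Representation, sig: Signature, f, v: Term) -> bool:
    """Lemma init_kleisli at one instance: init (v >== f) = rkleisli (f ;; init) (init v)."""
    return init(R, subst(sig, f, v)) == R.kleisli(lambda x: init(R, f(x)), init(R, v))
```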
In this chapter we describe the implementation of the category of representations of
PCF, equipped with reduction rules — we refer to it as semantic PCF from now on — as
described informally in Sect. A.2. We state the reduction rules more precisely later. This
theorem is an instance of Thm. 5.21 proved in Chapt. 5. However, for the implementation
in Coq of this instance we make several simplifications compared to the general theorem:

• we do not define a notion of 2-signature, but specify directly a Coq type of
representations of semantic PCF;

• we use dependent Coq types to formalize arities of higher degree (cf. Def. 5.3),
instead of relying on modules on categories with pointed index sets. A representation
of an arity of degree n is thus given by a family of module morphisms (of degree
zero), indexed n times over the respective object type as described in Rem. 5.6;

• the relation on the initial object is not defined via the formula of Disp. (5.4.1), but
directly through an inductive type, cf. Code 9.9, and various closures, cf. Code 9.10.

9.1. Representations of PCF 

In this section we explain the formalization of representations of semantic PCF. According
to Def. 5.10 and Def. 5.20, such a representation consists of

1. a representation of the types of PCF (in a Coq type U), cf. Ex. 3.4,

2. a relative monad P over the functor Δ_U (in the formalization: IDelta U) and

3. representations of the arities of PCF (cf. Ex. 3.48), i.e. morphisms of P-modules
with suitable source and target modules such that

4. the inequations defining the reduction rules of PCF are satisfied.

A representation of PCF should be a "bundle", i.e. a record type, whose components —
or "fields" — are these 4 items. In order to ease the definitions, we first define what
a representation of the term signature of PCF in a monad P is, in the presence of an
S_PCF-monad (cf. Def. 5.1). Unfolding the definitions, we suppose given a type Sorts,
a relative monad P over IDelta Sorts and three operations on Sorts: a binary function
Arrow — denoted by an infixed "~~>" — and two constants Bool and Nat.
Variable Sorts : Type.
Variable P : RMonad (IDelta Sorts).
Variable Arrow : Sorts -> Sorts -> Sorts.
Variable Bool : Sorts.
Variable Nat : Sorts.
Notation "a ~~> b" := (Arrow a b) (at level 60, right associativity).

In this context, a representation of PCF is given by a bunch of module morphisms
satisfying some conditions. We split the definition into smaller pieces. Note that M[t]
denotes the fibre module of module M with respect to t, and d M // u denotes derivation
of module M with respect to u. The module denoted by a star * is the terminal module,
which is the constant singleton module.

9.1 Code (1-Signature of PCF):

Class PCFPO_rep_struct := {
  app : forall u v, (P[u ~~> v]) x (P[u]) -> P[v];
  abs : forall u v, (d P // u)[v] -> P[u ~~> v];
  rec : forall t, P[t ~~> t] -> P[t];
  tttt : * -> P[Bool];
  ffff : * -> P[Bool];
  nats : forall m : nat, * -> P[Nat];
  Succ : * -> P[Nat ~~> Nat];
  Pred : * -> P[Nat ~~> Nat];
  Zero : * -> P[Nat ~~> Bool];
  CondN : * -> P[Bool ~~> Nat ~~> Nat ~~> Nat];
  CondB : * -> P[Bool ~~> Bool ~~> Bool ~~> Bool];
  bottom : forall t, * -> P[t];

These module morphisms are subject to some inequations specifying the reduction rules
of Sect. A.2, or, equivalently, Ex. 5.19. The beta rule reads as

9.2 Code (Beta Rule for Representations of PCF):

  beta_red : forall r s V y z, app r s V (abs r s V y, z) << y[* := z] ;

where y[* := z] is the substitution of the freshest variable (cf. Def. 2.111) as a special
case of simultaneous monadic substitution. The rule for the fixed point operator says
that Y(f) ⇝ f(Y(f)):

9.3 Code (Inequation for Fixedpoint Operator):

  Rec_A : forall V t g, rec _ g << app t t V (g, rec _ g) ;
The other inequations concern the arithmetic and logical constants of PCF. Firstly, we
have that the conditionals reduce according to the truth value they are applied to:

9.4 Code (Logic Inequations of PCF Representations):

  CondN_t : forall V n m,
    app (app (app (CondN V tt, tttt _ tt), n), m) << n ;
  CondN_f : forall V n m,
    app (app (app (CondN V tt, ffff _ tt), n), m) << m ;
  CondB_t : forall V u v,
    app (app (app (CondB V tt, tttt _ tt), u), v) << u ;
  CondB_f : forall V u v,
    app (app (app (CondB V tt, ffff _ tt), u), v) << v ;

Furthermore, we have that succ(n) reduces to n + 1 (which in Coq is written S n),
reduction of the zero? predicate according to whether its argument is zero or not, and
that the predecessor is post-inverse to the successor function:

9.5 Code (Arithmetic Inequations of PCF Representations):

  Succ_red : forall V n,
    app (Succ V tt, nats n _ tt) << nats (S n) _ tt ;
  Zero_t : forall V,
    app _ _ (Zero V tt, nats 0 _ tt) << tttt _ tt ;
  Zero_f : forall V n,
    app (Zero V tt, nats (S n) _ tt) << ffff _ tt ;
  Pred_Succ : forall V n,
    app _ (Pred V tt, app _ _ (Succ V tt, nats n _ tt)) << nats n _ tt ;
  Pred_Z : forall V,
    app (Pred V tt, nats 0 _ tt) << nats 0 _ tt }.

Unfortunately, at this stage of the definition, we were not able to introduce a more
convenient notation for application, nor to omit the arguments denoted by an underscore
as instances of implicit arguments. After abstracting over the section variables we package
all of this into a record type:

Record PCFPO_rep := {
  Sorts : Type;
  Arrow : Sorts -> Sorts -> Sorts;
  Bool : Sorts ;
  Nat : Sorts ;
  pcf_rep_monad :> RMonad (IDelta Sorts);
  pcf_rep_struct :> PCFPO_rep_struct pcf_rep_monad Arrow Bool Nat }.
Notation "a ~~> b" := (Arrow a b) (at level 60, right associativity).

The type PCFPO_rep later constitutes the type of objects of the category of representations
of semantic PCF.
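As an added example (Python written for this page, not part of the thesis's Coq code), the inequations of Code 9.2 to 9.5 are read left to right as rewrite rules on closed PCF terms: root_step applies one inequation at the root, step closes it under application contexts (in the spirit of the closures mentioned for Code 9.10), and normalize iterates to a normal form. Terms carry de Bruijn indices and are untyped, and every beta argument is closed, so y[* := z] needs no renaming of z; the program LOOP is constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional

# Closed PCF terms (the syntax of Sect. 9.5, untyped here) with de Bruijn indices.
@dataclass(frozen=True)
class Var:
    idx: int

@dataclass(frozen=True)
class Abs:
    body: object      # abs u v: binds the freshest variable of body

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

@dataclass(frozen=True)
class Rec:
    body: object      # rec t: fixed point of a term of type t ~~> t

@dataclass(frozen=True)
class Const:
    name: str         # "ttt", "fff", "succ", "preds", "zero", "condN" or "condB"

@dataclass(frozen=True)
class Nats:
    n: int            # nats n

TTT, FFF, SUCC, PRED, ZERO = (Const(c) for c in ("ttt", "fff", "succ", "preds", "zero"))
CONDN, CONDB = Const("condN"), Const("condB")

def subst_top(body, z, k=0):
    """body[* := z] for a closed z (Def. 2.111): index k becomes z, higher indices drop by one."""
    if isinstance(body, Var):
        return z if body.idx == k else Var(body.idx - 1 if body.idx > k else body.idx)
    if isinstance(body, Abs):
        return Abs(subst_top(body.body, z, k + 1))
    if isinstance(body, App):
        return App(subst_top(body.fun, z, k), subst_top(body.arg, z, k))
    if isinstance(body, Rec):
        return Rec(subst_top(body.body, z, k))
    return body       # constants and numerals contain no variables

def root_step(t) -> Optional[object]:
    """The inequations of Code 9.2 to 9.5 as rules at the root; None if no rule applies."""
    if isinstance(t, Rec):                                     # Rec_A: rec g << app (g, rec g)
        return App(t.body, t)
    if not isinstance(t, App):
        return None
    f, a = t.fun, t.arg
    if isinstance(f, Abs):                                     # beta_red
        return subst_top(f.body, a)
    if isinstance(f, Const) and isinstance(a, Nats):
        if f == SUCC:                                          # Succ_red
            return Nats(a.n + 1)
        if f == ZERO:                                          # Zero_t / Zero_f
            return TTT if a.n == 0 else FFF
        if f == PRED and a.n == 0:                             # Pred_Z
            return Nats(0)
    if f == PRED and isinstance(a, App) and a.fun == SUCC and isinstance(a.arg, Nats):
        return a.arg                                           # Pred_Succ
    if isinstance(f, App) and isinstance(f.fun, App):          # CondN_t/f, CondB_t/f
        cond, b = f.fun.fun, f.fun.arg
        if cond in (CONDN, CONDB) and b in (TTT, FFF):
            return f.arg if b == TTT else a
    return None

def step(t):
    """One step of the closure of the root rules under application contexts, outermost first."""
    r = root_step(t)
    if r is not None:
        return r
    if isinstance(t, App):
        r = step(t.fun)
        if r is not None:
            return App(r, t.arg)
        r = step(t.arg)
        if r is not None:
            return App(t.fun, r)
    return None

def normalize(t, fuel=10_000):
    """Iterate step until no rule applies (a normal form) or the fuel is exhausted."""
    for _ in range(fuel):
        r = step(t)
        if r is None:
            return t
        t = r
    raise RuntimeError("no normal form reached within the fuel bound")

# A constructed recursive program:
#   loop = rec (fun f. fun n. condN (zero? n) (nats 7) (f (pred n)))
# with f = Var(1) and n = Var(0) inside the two abstractions.
LOOP = Rec(Abs(Abs(App(App(App(CONDN, App(ZERO, Var(0))), Nats(7)),
                       App(Var(1), App(PRED, Var(0)))))))
```

Note that pred applied to a numeral other than nats 0 is a normal form here, because Code 9.5 only relates Pred to terms of the shape app (Succ, nats n) and to nats 0.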

9.2. Morphisms of Representations 

A morphism of representations (cf. Def. 5.11) is built from a morphism g of type
representations and a colax monad morphism over the retyping functor associated to the map g.
The implementation of retyping is explained in Code 6.6. In the particular case of PCF, a
morphism of representations from P to R consists of a morphism of representations of the
types of PCF — with underlying map Sorts_map — and a colax morphism of relative
monads which makes the diagrams of the form given in Def. 5.11 commute. We first
define the diagrams we expect to commute, before packaging everything into a record
type of morphisms. The context is given by the following declarations:

Variables P R : PCFPO_rep.
Variable Sorts_map : Sorts P -> Sorts R.
Hypothesis HArrow : forall u v, Sorts_map (u ~~> v) = Sorts_map u ~~> Sorts_map v.
Hypothesis HBool : Sorts_map (Bool _ ) = Bool _ .
Hypothesis HNat : Sorts_map (Nat _ ) = Nat _ .
Variable f : colax_RMonad_Hom P R
    (G1:=RETYPE (fun t => Sorts_map t))
    (G2:=RETYPE_PO (fun t => Sorts_map t))
    (RT_NT (fun t => Sorts_map t)).

We explain the commutative diagrams of Def. 5.11 for some of the arities. For the
successor arity we ask the following diagram to commute:

9.6 Code (Commutative Diagram for Successor Arity):

Program Definition Succ_hom' :=
  Succ ;; f [(Nat ~~> Nat)] ;; Fib_eq_RMod ;; IsoPF
  ==
  *->* ;; f ** Succ.

Here the morphism Succ refers to the representation of the successor arity either of P
(the first appearance) or R (the second appearance) — Coq is able to figure this out itself.
The domain of the successor is given by the terminal module *. Accordingly, we have
that dom(Succ, f) is the trivial module morphism with domain and codomain given by
the terminal module. We denote this module morphism by *->*. The codomain
is given as the fibre of f at the type Nat ~~> Nat. The two remaining module morphisms are
isomorphisms which do not appear in the informal description. The isomorphism IsoPF
is needed to permute fibre with pullback (cf. Lem. 2.108). The morphism Fib_eq_RMod
M H takes a module M and a proof H of equality of two object types as arguments, say,
H : u = v. Its output is an isomorphism M[u] -> M[v]. Here the proof is of type

Sorts_map (Nat ~~> Nat) = Sorts_map Nat ~~> Sorts_map Nat

and Coq is able to figure out the proof itself. We expand on this kind of modules in
Sect. 9.3. The diagram for application uses the product of module morphisms, denoted by
an infixed X:

9.7 Code (Commutative Diagram for Application Arity):

Program Definition app_hom' := forall u v,
  app u v ;; f [( _ )] ;; IsoPF
  ==
  (f [(u ~~> v)] ;; Fib_eq_RMod _ (HArrow _ _ ) ;; IsoPF )
    X
  (f [(u)] ;; IsoPF ) ;;
  IsoXP ;; f ** (app _ _ ).

In addition to the already encountered isomorphism IsoPF we have to insert an isomor- 
phism IsoXP which permutes pullback and product (cf. Lem. 2.106). As a last example, 
we present the property for the abstraction: 

9.8 Code (Commutative Diagram for Abstraction Arity):

Program Definition abs_hom' := forall u v,
  abs u v ;; f [( _ )]
  ==
  DerFib_RMod_Hom ;; IsoPF ;;
  f ** (abs (_ u) (_ v)) ;; IsoFP ;;
  Fib_eq_RMod _ (eq_sym (HArrow _ _ )) .

Here the module morphism DerFib_RMod_Hom f u v corresponds to the morphism
dom(Abs(u, v), f) = [f^u]_v, and IsoFP permutes fibre with pullback, just like its sibling
IsoPF, but the other way round.
We bundle all those properties into a type class:

Class PCFPO_rep_Hom_struct := {
  CondB_hom : CondB_hom' ;
  CondN_hom : CondN_hom' ;
  Pred_hom : Pred_hom' ;
  Zero_hom : Zero_hom' ;
  Succ_hom : Succ_hom' ;
  fff_hom : fff_hom' ;
  ttt_hom : ttt_hom' ;
  bottom_hom : bottom_hom' ;
  nats_hom : nats_hom' ;
  app_hom : app_hom' ;
  rec_hom : rec_hom' ;
  abs_hom : abs_hom' }.

Similarly to what we did for representations, we abstract over the section variables and
define a record type of morphisms of representations from P to R:

Record PCFPO_rep_Hom := {
  Sorts_map : Sorts P -> Sorts R ;
  HArrow : forall u v, Sorts_map (u ~~> v) = Sorts_map u ~~> Sorts_map v ;
  HNat : Sorts_map (Nat _ ) = Nat R ;
  HBool : Sorts_map (Bool _ ) = Bool R ;
  rep_Hom_monad :> colax_RMonad_Hom P R (RT_NT Sorts_map) ;
  rep_colax_Hom_monad_struct :> PCFPO_rep_Hom_struct
      HArrow HBool HNat rep_Hom_monad }.



9.3. Digression on Equal Fibre Modules in Coq 

Suppose Q is a relative monad on some functor F : C → D and M is a Q-module with
codomain Pre^T. Let u, t ∈ T and suppose given a proof H of the proposition u = t. We
can now prove [M]_u = [M]_t, but unfortunately this is not sufficient for composing a
morphism with codomain [M]_u with one whose domain is [M]_t in Coq (cf. Sect. 6.3.1).
Indeed, the problem we encounter here is even worse than that of permutation of
pullback with fibre, derivation and products (see e.g. Sect. 7.1.2), since not even the
carriers of [M]_u and [M]_t are convertible. This means that the isomorphism we have
to insert does not even allow for an underlying family of identity maps as carriers, but
instead is a transport of the form eq_rect.

In more detail, the carrier of M is a map from the objects of C to Pre^T, that is, for
each c ∈ C, its image M c ∈ Pre^T is basically a dependent type (with some structure).
The fibre is then simply computed by application. The carrier of a module morphism
ρ : [M]_u → [M]_t thus consists of a family of maps of sets indexed by objects c ∈ C,

ρ_c : M(c)(u) → M(c)(t) .
In intensional type theory, we have an explicit cast operator eq_rect which allows the
definition of precisely such a map:

Check eq_rect.
eq_rect
     : forall (A : Type) (x : A) (P : A -> Type),
       P x -> forall y : A, x = y -> P y

Note that this operator is equivalent to the operator J in Hofmann's PhD thesis [Hof95],
whose typing rule is called Id-Elim-J.

Here we instantiate A by the set of object types T and the dependent type P by M(c),
allowing us to define a map transport from M(c)(u) to M(c)(t):

Variable T : Type.
Variables u t : T.
Variable M : RMOD Q (IPO T).
Hypothesis H : u = t.
Definition transport (c : C) : M c u -> M c t :=
  fun (s : M c u) => eq_rect u (fun t : T => (M c) t) s t H.

Fortunately it is possible to get rid of the transport via a computation rule equivalent to a
rule named Id-Comp in Hofmann's thesis. In Coq this rule says that the term

eq_rect u P a a eq_refl

reduces to — and thus in particular is provably equal to — the term a itself. Thus a
considerable part of proof code in the following is about elimination of explicit casts.
Indeed, the scheme is as follows: we start with a goal

(1/1)
G

such that G contains a subterm eq_rect u P a b H, i.e. with H : a = b. We then generalize
H, yielding the goal

(1/1)
forall H : a = b, G

Now rewriting with a proof of a = b (using a copy of H) turns the goal into

(1/1)
forall H : a = a, G

After introducing H, we can rewrite H in the goal into eq_refl using the axiom UIP_refl
which says that any proof of a = a is equal to eq_refl. Thus the goal G contains the
subterm eq_rect u P a a eq_refl, which simplifies to a — the transport has disappeared.
Note that for the rewrite of forall H : a = b into forall H : a = a in the goal, many other
terms from the context have to be generalized, as well as structures broken into their
constituent pieces, in order to obtain sufficient flexibility in the goal for the rewrite to
result in a well-typed term.

9.4. Equality of Morphisms, Category of Representations

We have already seen how some definitions that are trivial in informal mathematics turn
into something awful in intensional type theory. Equality of morphisms of representations
is another such definition. Informally, two such morphisms a, c : P → R of representations
are equal if

1. their maps of object types f_a and f_c (Sorts_map) are equal and

2. their underlying colax morphisms of monads — also called a and c — are equal.

In our formalization, the second condition is not even directly expressible, since these
monad morphisms do not have the same type: we have, for a context V ∈ Set_P,

a_V : f_a(PV) → R(f_a V)

and

c_V : f_c(PV) → R(f_c V) ,

where Set_P is a notation for contexts typed over the set of object types the representation
P comes with, formally the type Sorts P. We can only compare a_V to c_V by composing
each of them with a suitable transport transp again, yielding morphisms

R(transp) ∘ a_V : f_a(PV) → R(f_a V) → R(f_c V)

and

c_V ∘ transp' : f_a(PV) → f_c(PV) → R(f_c V) .

As before, for equal fibres [M]_u and [M]_t with u = t, the carriers of those transports
transp and transp' are terms of the form eq_rect _ H, where H is a proof term
which depends on the proof of

forall x : Sorts P, Sorts_map c x = Sorts_map a x

of the first condition. Altogether, the definition of equality of morphisms of representa-
tions is given by the following inductive proposition:

Inductive eq_Rep (P R : PCFPO_rep) : relation (PCFPO_rep_Hom P R) :=
  | eq_rep : forall (a c : PCFPO_rep_Hom P R),
      forall H : (forall t, Sorts_map c t = Sorts_map a t),
        (forall V, a V ;; rlift R (Transp H V)
                   ==
                   Transp_ord H (P V) ;; c V ) -> eq_Rep a c.

The formal proof that the relation thus defined is an equivalence is inadequately long
when compared to its mathematical complexity, due to the transport elimination.

Composition of representations is done by composing the underlying maps of sorts, as
well as composing the underlying monad morphisms pointwise. Again, this operation,
which is trivial from a mathematical point of view, yields a difficulty in the formalization,
due to the fact that in the formalization

g(f V) ≠ (g ∘ f) V .

More precisely, suppose given two morphisms of representations a : P → Q and b : Q → R,
given by families of morphisms indexed by V resp. W,

a_V : PV → Q(V_a)   and   b_W : QW → R(W_b) ,

where we write V_a for f_a V. The monad morphism underlying the composite morphism
of representations is given by the following definition:

[Diagram: the composite (b ∘ a)_V : PV → R(V_{b∘a}) is obtained by retyping PV (constructor ctype) and applying a_V to reach Q(V_a), retyping again and applying b to reach R((V_a)_b), and finally composing with R(≅), the image under R of the isomorphism (V_a)_b ≅ V_{b∘a} in the upper right corner; the match on ctype performs the retyping steps]

or, in Coq code,

Definition comp_rep_car : (forall c : ITYPE U,
    RETYPE (fun t => f' (f t)) (P c) ->
    R ((RETYPE (fun t => f' (f t))) c)) :=
  fun (V : ITYPE U) t (y : retype (fun t => f' (f t)) (P V) t) =>
    match y with ctype _ z =>
      lift (M:=R) (double_retype_1 (f:=f) (f':=f') (V:=V)) _
        (b (ctype (fun t => f' t)
           (a (ctype (fun t => f t) z))))
    end.
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where double retype 1 denotes the isomorphism in the upper right corner. The proof 
of the commutative diagrams for the composite monad morphism is lengthy due to the 
number of arities of the signature of PCF. Definition of the identity morphisms is routine, 
and in the end we define the category of representations of semantic PCF: 

Program Instance REP_s :
  Cat_struct (obj := PCFPO_rep) (PCFPO_rep_Hom) := {
  mor_oid P R := eq_Rep_oid P R ;
  id R := Rep_id R ;
  comp a b c f g := Rep_comp f g }.



9.5. One Particular Representation 

We define a particular representation, which we later prove to be initial. First of all, the 
set of object types of PCF is given as follows: 

Module PCF.
Inductive Sorts :=
  | Nat : Sorts
  | Bool : Sorts
  | Arrow : Sorts -> Sorts -> Sorts.
End PCF.

For this section we introduce some notations: 

Notation "'TY'" := PCF.Sorts.
Notation "'Bool'" := PCF.Bool.
Notation "'Nat'" := PCF.Nat.
Notation "'IT'" := (ITYPE TY).
Notation "a '~>' b" := (PCF.Arrow a b) (at level 69, right associativity).

We specify the set of PCF constants through the following inductive type, indexed by the 
sorts of PCF: 

Inductive Consts : TY -> Type :=
  | Nats : nat -> Consts Nat
  | ttt : Consts Bool
  | fff : Consts Bool
  | succ : Consts (Nat ~> Nat)
  | preds : Consts (Nat ~> Nat)
  | zero : Consts (Nat ~> Bool)
  | condN : Consts (Bool ~> Nat ~> Nat ~> Nat)
  | condB : Consts (Bool ~> Bool ~> Bool ~> Bool).

The family of sets of terms of PCF is given by an inductive family, parametrized by a context V and indexed by object types:

Inductive PCF (V : TY -> Type) : TY -> Type :=
  | Bottom : forall t, PCF V t
  | Const : forall t, Consts t -> PCF V t
  | Var : forall t, V t -> PCF V t
  | App : forall t s, PCF V (s ~> t) -> PCF V s -> PCF V t
  | Lam : forall t s, PCF (opt t V) s -> PCF V (t ~> s)
  | Rec : forall t, PCF V (t ~> t) -> PCF V t.
Notation "a @ b" := (App a b) (at level 43, left associativity).
Notation "M '" := (Const _ M) (at level 15).

Monadic substitution is defined recursively on terms:

Fixpoint subst (V W : TY -> Type) (f : forall t, V t -> PCF W t)
               (t : TY) (v : PCF V t) : PCF W t :=
  match v with
  | Bottom t => Bottom W t
  | c ' => c '
  | Var t v => f t v
  | u @ v => (u >>= f) @ (v >>= f)
  | Lam t s u => Lam (u >>= shift f)
  | Rec t u => Rec (u >>= f)
  end
where "y >>= f" := (@subst _ _ f _ y).

Here shift f is the substitution map f extended to account for an extended context under 
the binder Lam. It is equal to the shifted map of Def. 2.102. 

Finally, we define a relation on the terms of type PCF via the inductive definition 

9.9 Code (Reduction Rules for PCF):

Inductive eval (V : IT) : forall t, relation (PCF V t) :=
  | app_abs : forall (s t : TY) (M : PCF (opt s V) t) N,
      eval (Lam M @ N) (M [*:= N])
  | condN_t : forall n m, eval (condN ' @ ttt ' @ n @ m) n
  | condN_f : forall n m, eval (condN ' @ fff ' @ n @ m) m
  | condB_t : forall u v, eval (condB ' @ ttt ' @ u @ v) u
  | condB_f : forall u v, eval (condB ' @ fff ' @ u @ v) v
  | succ_red : forall n, eval (succ ' @ Nats n ') (Nats (S n) ')
  | zero_t : eval (zero ' @ Nats 0 ') (ttt ')
  | zero_f : forall n, eval (zero ' @ Nats (S n) ') (fff ')
  | pred_Succ : forall n, eval (preds ' @ (succ ' @ Nats n ')) (Nats n ')
  | pred_z : eval (preds ' @ Nats 0 ') (Nats 0 ')
  | rec_a : forall t g, eval (Rec g) (g @ (Rec (t:=t) g)).

which we then propagate into subterms (cf. Code 9.10) and close with respect to transitivity and reflexivity:

9.10 Code (Propagation of Reductions into Subterms):

Reserved Notation "x :> y" (at level 70).
Variable rel : forall (V : IT) t, relation (PCF V t).
Inductive propag (V : IT) : forall t, relation (PCF V t) :=
  | relorig : forall t (v v' : PCF V t), rel v v' -> v :> v'
  | relApp1 : forall s t (M M' : PCF V (s ~> t)) N, M :> M' -> M @ N :> M' @ N
  | relApp2 : forall s t (M : PCF V (s ~> t)) N N', N :> N' -> M @ N :> M @ N'
  | relLam : forall s t (M M' : PCF (opt s V) t), M :> M' -> Lam M :> Lam M'
  | relRec : forall t (M M' : PCF V (t ~> t)), M :> M' -> Rec M :> Rec M'
where "x :> y" := (@propag _ _ x y).

The data thus defined constitutes a relative monad PCFEM on the functor $\Delta_{T_{PCF}}$ (IDelta TY in the Coq code). We omit the details.

Now we need to define a suitable morphism (resp. family of morphisms) of PCFEM-modules for any arity (of higher degree). Let a be any such arity, for instance the arity App. We need to verify two things:

1. We show that the constructor of PCF which corresponds to a is monotone with respect to the order on PCFEM. For instance, we show that for any two terms r s : TY and any V : IDelta TY, the function

fun y => App (fst y) (snd y) : PCFEM V (r ~> s) x PCFEM V r -> PCFEM V s

is monotone.

2. We show that the monadic substitution defined above distributes over the constructor in the sense of Ex. 2.74, i.e. we prove that the constructor is the carrier of a module morphism.

All of these are very straightforward proofs, resulting in a representation PCFE_rep of semantic PCF:

Program Instance PCFE_rep_struct :
  PCFPO_rep_struct PCFEM PCF.Arrow PCF.Bool PCF.Nat := {
  app r s := PCFApp r s ;
  abs r s := PCFAbs r s ;
  rec t := PCFRec t ;
  tttt := PCFconsts ttt ;
  ffff := PCFconsts fff ;
  Succ := PCFconsts succ ;
  Pred := PCFconsts preds ;
  CondN := PCFconsts condN ;
  CondB := PCFconsts condB ;
  Zero := PCFconsts zero ;
  nats m := PCFconsts (Nats m) ;
  bottom t := PCFbottom t }.
Definition PCFE_rep : PCFPO_rep := Build_PCFPO_rep PCFE_rep_struct.

Note that in the instance declaration PCFE_rep_struct, the Program framework proves 
automatically the properties of Code 9.2, 9.3, 9.4 and 9.5. 

9.6. Initiality 

In this section we define a morphism of representations from PCFE_rep to any representation R : PCFPO_rep. At first we need to define a map between the underlying sorts, that is, a map Sorts PCFE_rep -> Sorts R. In short, each PCF type goes to its representation in R:

Fixpoint Init_Sorts_map (t : Sorts PCFE_rep) : Sorts R :=
  match t with
  | PCF.Nat => Nat R
  | PCF.Bool => Bool R
  | u ~> v => (Init_Sorts_map u) ~~> (Init_Sorts_map v)
  end.

The function init is the carrier of what will later be proved to be the initial morphism to the representation R. It maps each constructor of PCF recursively to its counterpart in the representation R:

Fixpoint init V t (v : PCF V t) :
    R (retype (fun t0 => Init_Sorts_map t0) V) (Init_Sorts_map t) :=
  match v with
  | Var t v => rweta R _ _ (ctype _ v)
  | u @ v => app _ _ (init u, init v)
  | Lam _ v => abs _ _ (rlift R
        (@der_comm TY (Sorts R) (fun t => Init_Sorts_map t) _ V) _ (init v))
  | Rec _ v => rec _ _ (init v)
  | Bottom _ => bottom _ _ tt
  | y ' => match y in Consts t1 return
              R (retype (fun t2 => Init_Sorts_map t2) V) (Init_Sorts_map t1)
           with
           | Nats m => nats m _ tt
           | succ => Succ _ tt
           | condN => CondN _ tt
           | condB => CondB _ tt
           | zero => Zero _ tt
           | ttt => tttt _ tt
           | fff => ffff _ tt
           | preds => Pred _ tt
           end
  end.



We write $i_V$ for init V and $g$ for Init_Sorts_map. Note that $i_V : PCF(V) \to g^*(R(gV))$ really is the image of the initial morphism under the adjunction $\varphi$ of Def. 2.22. Intuitively, passing from init V $= i_V$ to its adjunct is done by precomposing with pattern matching on the constructor ctype (cf. Rem. 2.25). We informally denote this adjunct by init V ∘ match.

The map init is compatible with renaming and substitution in PCF and R, respectively, in a sense made precise by the following two lemmas. The first lemma states that, for any morphism $f : V \to W$ in $\mathrm{Set}^{T_{PCF}}$, the following diagram commutes:

$$\begin{array}{ccc}
PCF(V) & \xrightarrow{\;PCF(f)\;} & PCF(W) \\
{\scriptstyle \mathrm{init}\,V}\downarrow & & \downarrow{\scriptstyle \mathrm{init}\,W} \\
g^*R(gV) & \xrightarrow{\;g^*R(gf)\;} & g^*R(gW)
\end{array}$$

Lemma init_lift (V : IT) t (y : PCF V t) W (f : V ---> W) :
  init (y //- f) = rlift R (retype_map f) _ (init y).

The next commutative diagram concerns substitution; for any $f : V \to PCF(W)$, the diagram obtained by applying $\varphi$ to the diagram given in Disp. (5.4.4), i.e. the diagram corresponding to Disp. (5.4.5), commutes:

$$\begin{array}{ccc}
PCF(V) & \xrightarrow{\;\sigma(f)\;} & PCF(W) \\
{\scriptstyle \mathrm{init}\,V}\downarrow & & \downarrow{\scriptstyle \mathrm{init}\,W} \\
g^*R(gV) & \xrightarrow{\;g^*\sigma(\varphi^{-1}(\mathrm{init}\,W \circ f))\;} & g^*R(gW)
\end{array}$$

Here $\sigma(f)$ denotes substitution with f, that is, the map y ↦ y >>= f, and the bottom arrow is the Kleisli extension in R of the adjunct of init W ∘ f. In Coq the lemma init_subst proves commutativity of this latter diagram:

Lemma init_subst V t (y : PCF V t) W (f : IDelta _ V ---> PCFE W) :
  init (y >>= f) =
  rkleisli (RMonad_struct := R)
    (SM_ind (V := retype (fun t => _ t) V)
            (W := R (retype (fun t => _ t) W))
            (fun t v => match v with ctype t p => init (f t p) end))
    _ (init y).

This latter lemma establishes almost the commutative diagram for the family $\varphi^{-1}(i_V)$ to constitute a (colax) monad morphism, which reads as follows:

$$\begin{array}{ccc}
g(PCF(V)) & \xrightarrow{\;g(\sigma(f))\;} & g(PCF(W)) \\
{\scriptstyle \mathrm{init}\,V \circ \mathrm{match}}\downarrow & & \downarrow{\scriptstyle \mathrm{init}\,W \circ \mathrm{match}} \\
R(gV) & \xrightarrow{\;\sigma(\mathrm{init}\,W \circ \mathrm{match} \circ gf)\;} & R(gW)
\end{array} \qquad (9.6.1)$$

Before we can actually build a monad morphism with carrier map init V ∘ match, we need to verify that init, and thus its adjunct, is monotone. We do this in 3 steps, corresponding to the 3 steps in which we built up the preorder on the terms of PCF:

1. init is monotone with respect to the relation eval (cf. Code 9.9):

Lemma init_eval V t (v v' : PCF V t) : eval v v' -> init v <<< init v'.

2. init is monotone with respect to the propagation of eval into subterms:

Lemma init_eval_star V t (y z : PCF V t) : eval_star y z -> init y <<< init z.

3. init is monotone with respect to the reflexive and transitive closure of the above relation:

Lemma init_mono c t (y z : PCFE c t) : y <<< z -> init y <<< init z.

We now have all the ingredients to define the initial morphism from PCF to R. As already indicated by the diagram Disp. (9.6.1), its carrier is not given by just the map init, since this map does not have the right type: its domain is given, for any context $V \in \mathrm{Set}^{T_{PCF}}$, by PCF(V) and not, as needed, by g(PCF(V)). We thus precompose with pattern matching in order to pass to its adjunct: for any context V, the carrier of the initial morphism is given by

fun t y => match y with
           | ctype _ p => init p
           end
  : retype _ (PCF V) ---> R (retype _ V)

We recall that the constructor ctype is the carrier of the natural transformation of the same name of Rem. 2.23, and that precomposing with pattern matching corresponds to specifying maps on a coproduct via its universal property.

Putting the pieces together, we obtain a morphism of representations of semantic PCF:

Definition initR : PCFPO_rep_Hom PCFE_rep R :=
  Build_PCFPO_rep_Hom initR_s.

Uniqueness is proved in the following lemma:

Lemma initR_unique : forall g : PCFE_rep ---> R, g == initR.

The proof consists of two steps: first, one has to show that the translations of sorts coincide. Since the source of this translation is an inductive type, the initial representation of the signature of Ex. 3.4, this proof is done by induction. Afterwards the translations of terms are proved to be equal. This proof is done by induction on terms of PCF. It makes essential use of the commutative diagrams (cf. Def. 5.11) which we exemplarily presented for the arities of successor (Code 9.6), application (Code 9.7) and abstraction (Code 9.8). Finally we can declare an instance of Initial for the category REP of representations:

Instance PCF_initial : Initial REP := {
  Init := PCFE_rep ;
  InitMor R := initR R ;
  InitMorUnique R := @initR_unique R }.

Checking the axioms used for the proof of initiality (and its dependencies) yields the use of non-dependent functional extensionality (applied to the translations of sorts) and uniqueness of identity proofs, which in the Coq standard library is implemented as a consequence of another, logically equivalent, axiom eq_rect_eq:

Print Assumptions PCF_initial.

Axioms:
CatSem.AXIOMS.functional_extensionality.functional_extensionality :
  forall (A B : Type) (f g : A -> B), (forall x : A, f x = g x) -> f = g
Eq_rect_eq.eq_rect_eq : forall (U : Type) (p : U) (Q : U -> Type)
  (x : Q p) (h : p = p), x = eq_rect p Q x p h

9.7. A Representation of PCF in the Untyped Lambda Calculus

We use the iteration principle explained in Rem. 5.23 in order to specify a translation from PCF to the untyped lambda calculus which is compatible with reduction in the source and target. According to the principle, it is sufficient to define a representation of PCF in the relative monad of the lambda calculus (cf. Exs. 1.2 and 2.85) and to verify that this representation satisfies the inequations of Fig. A.4, formalized in the Coq code snippets 9.2, 9.3, 9.4 and 9.5. The first task, specifying a representation of the types of PCF in the singleton set of types of ULC, is trivial. We furthermore specify representations of the term arities of PCF, presented in Code 9.1, by giving an instance of the corresponding type class.

Program Instance PCF_ULC_rep_s :
  PCFPO_rep_struct (Sorts := unit) ULCBETAM (fun _ _ => tt) tt tt := {
  app r s := ulc_app r s ;
  abs r s := ulc_abs r s ;
  rec t := ulc_rec t ;
  tttt := ulc_ttt ;
  ffff := ulc_fff ;
  nats m := ulc_N m ;
  Succ := ulc_succ ;
  CondB := ulc_condb ;
  CondN := ulc_condn ;
  bottom t := ulc_bottom t ;
  Zero := ulc_zero ;
  Pred := ulc_pred }.

Before taking a closer look at the module morphisms we specify in order to represent the arities of PCF, we note that in the above instance declaration, we have not given the proofs corresponding to code snippets 9.2 to 9.5. In the terms of Rem. 5.23, we have not completed the third task, the verification that the given representation satisfies the inequations. The Program feature we use during the above instance declaration is able to detect that the fields called beta_red, rec_A, etc., are missing, and enters into interactive proof mode to allow us to fill in each of the missing fields.

We now take a look at some of the lambda terms representing arities of PCF. The carrier of the representation ulc_app is the application of the lambda calculus, of course, and similarly for ulc_abs. Here the parameters r and s vary over terms of type unit, the type of sorts underlying this representation. We use an infixed application and a de Bruijn notation instead of the more abstract notation of nested data types:

Notation "a @ b" := (App a b) (at level 42, left associativity).
Notation "'1'" := (Var None) (at level 33).
Notation "'2'" := (Var (Some None)) (at level 24).

The truth values T and F are represented by

Eval compute in ULC_True.
  = Abs (Abs 2)
Eval compute in ULC_False.
  = Abs (Abs 1)

Natural numbers are given in Church style; the successor function is given by the term $\lambda n f x.\, f (n\, f\, x)$. The predecessor is represented by the constant

$$\lambda n f x.\, n\, (\lambda g h.\, h\, (g\, f))\, (\lambda u.\, x)\, (\lambda u.\, u) ,$$

and the test for zero is represented by $\lambda n.\, n\, (\lambda x.\, \mathbf{F})\, \mathbf{T}$, where $\mathbf{F}$ and $\mathbf{T}$ are the lambda terms representing F and T, respectively.

Eval compute in ULC_Nat 0.
  = Abs (Abs 1)
Eval compute in ULC_Nat 2.
  = Abs (Abs (2 @ (Abs (Abs (2 @ (Abs (Abs 1) @ 2 @ 1))) @ 2 @ 1)))
Eval compute in ULC_succ.
  = Abs (Abs (Abs (2 @ (3 @ 2 @ 1))))
Eval compute in ULC_pred.
  = Abs (Abs (Abs (3 @ Abs (Abs (1 @ (2 @ 4))) @ Abs 2 @ Abs 1)))
Eval compute in ULC_zero.
  = Abs (1 @ Abs (Abs (Abs 1)) @ Abs (Abs 2))

The conditional is represented by the lambda term $\lambda p a b.\, p\, a\, b$:

Eval compute in ULC_cond.
  = Abs (Abs (Abs (3 @ 2 @ 1)))

The constant arity $\bot_A$ is represented by $\Omega$:

Eval compute in ULC_omega.
  = Abs (1 @ 1) @ Abs (1 @ 1)

The fixed point operator Fix (rec) is represented by the Turing fixed-point combinator, that is, the lambda term

Eval compute in ULC_theta.
  = Abs (Abs (1 @ (2 @ 2 @ 1))) @ Abs (Abs (1 @ (2 @ 2 @ 1)))

The reason why we use the Turing operator instead of, say, the combinator Y,

Eval compute in ULC_Y.
  = Abs (Abs (2 @ (1 @ 1)) @ Abs (2 @ (1 @ 1)))

is that the latter does not have a property that is crucial for us: we have

$$\Theta(f) \twoheadrightarrow f(\Theta(f))$$

but only

$$Y(f) =_{\beta} f(Y(f))$$

via a common reduct. Thus, if we attempted to represent the arity rec by the fixed-point combinator Y, we would not be able to prove the condition expressed in Code 9.3. A way to allow for the use of Y as representation of rec would be to consider symmetric relations on terms, e.g., relative monads into a category of setoids.
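The difference between Θ and Y can be checked mechanically. The following Python module is an added example, not code from the thesis or its CatSem library: it implements the untyped lambda calculus with the page's 1-based de Bruijn indices, enumerates all reducts of a term (the beta rule propagated into subterms and closed under reflexivity and transitivity), and uses that to confirm that Θ(f) reduces to f(Θ(f)) while Y(f) and f(Y(f)) only share a common reduct; the same machinery checks the Church encodings listed above. The free variable f is represented by the top-level index 1.

```python
from dataclasses import dataclass
# Added example, not the thesis's Coq code: de Bruijn ULC in the page's
# 1-based index notation, to check the Church encodings and Theta versus Y.

@dataclass(frozen=True)
class Var:
    i: int                       # 1 = innermost binder, as in Notation "'1'"

@dataclass(frozen=True)
class Abs:
    body: object

@dataclass(frozen=True)
class App:
    f: object
    a: object

def shift(t, d, c=1):
    """Add d to every index >= c, i.e. to the indices free relative to c."""
    if isinstance(t, Var):
        return Var(t.i + d) if t.i >= c else t
    if isinstance(t, Abs):
        return Abs(shift(t.body, d, c + 1))
    return App(shift(t.f, d, c), shift(t.a, d, c))

def subst(t, k, s):
    """t[k := s]: s is shifted past the k-1 binders crossed so far, and the
    indices above k drop by one since a beta step removes their binder."""
    if isinstance(t, Var):
        if t.i == k:
            return shift(s, k - 1)
        return Var(t.i - 1) if t.i > k else t
    if isinstance(t, Abs):
        return Abs(subst(t.body, k + 1, s))
    return App(subst(t.f, k, s), subst(t.a, k, s))

def step_all(t):
    """All one-step beta reducts of t: the beta rule propagated into subterms."""
    out = set()
    if isinstance(t, App):
        if isinstance(t.f, Abs):
            out.add(subst(t.f.body, 1, t.a))          # redex at the root
        out |= {App(f2, t.a) for f2 in step_all(t.f)}
        out |= {App(t.f, a2) for a2 in step_all(t.a)}
    elif isinstance(t, Abs):
        out |= {Abs(b2) for b2 in step_all(t.body)}
    return out

def reducts(t, n):
    """Reflexive-transitive closure of one-step reduction, cut off at n steps."""
    seen, frontier = {t}, {t}
    for _ in range(n):
        frontier = {u for s in frontier for u in step_all(s)} - seen
        seen |= frontier
    return seen

def church(n):
    """Church numeral n: Abs (Abs (2 @ ... (2 @ 1)))."""
    body = Var(1)
    for _ in range(n):
        body = App(Var(2), body)
    return Abs(Abs(body))

# The page's constants, written with the dataclasses above.
TRUE, FALSE = Abs(Abs(Var(2))), Abs(Abs(Var(1)))
SUCC = Abs(Abs(Abs(App(Var(2), App(App(Var(3), Var(2)), Var(1))))))
PRED = Abs(Abs(Abs(App(App(App(Var(3), Abs(Abs(App(Var(1), App(Var(2), Var(4)))))),
                           Abs(Var(2))), Abs(Var(1))))))
ZERO = Abs(App(App(Var(1), Abs(FALSE)), TRUE))
A_ = Abs(Abs(App(Var(1), App(App(Var(2), Var(2)), Var(1)))))   # λx y. y (x x y)
THETA = App(A_, A_)                                             # Turing's Θ
W_ = Abs(App(Var(2), App(Var(1), Var(1))))                      # λx. f (x x)
Y = Abs(App(W_, W_))                                            # Curry's Y
F = Var(1)   # a free variable f at top level, used to probe the combinators

def unfolds_directly(fix, n=3):
    """Does fix f reduce to f (fix f) in at most n steps?"""
    return App(F, App(fix, F)) in reducts(App(fix, F), n)

def common_reduct(fix, n=3):
    """Do fix f and f (fix f) share a reduct within n steps each?"""
    return bool(reducts(App(fix, F), n) & reducts(App(F, App(fix, F)), n))
```

unfolds_directly(THETA) holds and unfolds_directly(Y) does not, whereas common_reduct(Y) holds: exactly the distinction the text draws.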

As a final remark, we emphasize that while reduction is given as a relation in our formalization, and as such is not computable, the obtained translation from PCF to the untyped lambda calculus is executable in Coq. For instance, we can translate the PCF term negating boolean terms as follows:

9.11 Code:

Eval compute in
  (PCF_ULC_c ((fun t => False)) tt (ctype _
     (Lam (condB ' @@ x_bool @@ fff ' @@ ttt ')))).

  = Abs (Abs (Abs (Abs (3 @ 2 @ 1))) @ 1 @ Abs (Abs 1) @ Abs (Abs 2))

Here we use the infixed "@@" to denote application of PCF, and x_bool is simply a notation for a de Bruijn variable of type Bool of the lowest level, i.e. a variable that is bound by the Lam binder of PCF in the above term.

We summarize the contributions of this thesis and discuss further work.

10.1. Contributions 

We have proved an initiality result for simply-typed syntax equipped with reduction rules. 
The category-theoretic iteration principle obtained through the universal property of 
initiality is sufficiently general to allow for the specification of translations from the term 
representation to languages typed over different sets of sorts. 

We have characterized binding syntax with a reduction relation, for instance the lambda calculus with beta reduction, as a relative monad over the functor $\Delta$ (cf. Ex. 2.85), encoding not only commutativity properties of substitution, but also its monotonicity in the first-order argument. By a suitable strengthening of the definition of relative monad in a 2-categorical context, an additional monotonicity property for the higher-order argument of substitution can be assured, cf. Rem. 2.86. We have also carried the definition of module over a monad and several constructions of modules over to modules over relative monads.

We then have proved several theorems in the proof assistant Coq: firstly, we implemented Zsido's initiality theorem [Zsi10, Chap. 6], summed up in this work as a reference in Sect. 3.2. Secondly, we have proved the initiality theorem of Chapt. 4, yielding a tool which, when fed with a 2-signature (S,A), provides the syntax associated to S equipped with the reduction relation generated by the inequations of A. Thirdly, we have proved an instance of our main theorem, Thm. 5.21 of Chapt. 5, for the particular 2-signature of the programming language PCF equipped with reduction rules as in Fig. A.4. The representation of the signature of PCF in the monad of the untyped lambda calculus with beta reduction results in an executable translation from PCF to ULC which is certified to be compatible with substitution and reduction in the source and target languages.



10.2. Further Work 

In the future, we hope to prove and implement initiality theorems for richer type systems. In particular, dependent types and polymorphism, two important steps towards certified programs and code reusability, respectively, should be accounted for. Furthermore, the modelling of semantics should be improved to allow reasoning about important properties such as termination.

As mentioned before, the implementation of initiality results in a proof assistant may 
serve as a framework for research about programming languages and logics. For this 
reason we envisage the implementation in a proof assistant of Thm. 5.21 in its full 
generality. 

We present these points in detail: 

Fine-grained modelling of reduction For a given 2-signature (a signature together with a set of inequations), models of this 2-signature so far were basically functors which associate, to any set "of variables", a preordered set, intuitively a model of "terms" over the set of variables¹. The preorder $\le$ on such a model corresponds to the reduction relation on the term model, i.e. the "term" t reduces to t' if and only if $t \le t'$.

The modelling of reductions via preorders may be considered too coarse in several 
aspects: 

• Different reductions might lead from one term to another. However, the use of preorders to model reduction does not allow one to distinguish two reductions with the same source and target.

• The hard-coded reflexivity rule makes reasoning about normalization — in 
particular termination — difficult. 

Instead of considering preordered sets (indexed by sets of free variables) as models 
of a 2-signature, it would thus be interesting to consider a structure which allows 
for more fine-grained treatment of reduction, such as graphs or categories. In 
other words, we might build models of 2-signatures from relative monads into the 
category of graphs or (small) categories. Using this new definition of model, one 
might then envisage to prove an initiality theorem analogous to the one already 
proven, and to use the additional structure obtained by switching to graphs or 
categories to reason about the aforementioned properties. 

Inequations, Syntactically Fiore and Hur [FH10] develop a syntactic theory of equa- 
tions over a higher-order signature, allowing for proofs of soundness and com- 
pleteness with respect to the models of the signature and the equations. Similar 
techniques should allow for a syntactic presentation of our inequations. Apart from 
the obvious goal of soundness and completeness, such a syntactic presentation 
would also facilitate the specification of reductions in the computer implementation 
in Coq: in particular, it would make it possible to specify reductions without any 
knowledge about category-theoretic concepts. 

¹ We ignore the typed case for the moment, which is analogous.

A minimal goal would be to have a data type, dependent on a 1-signature, which allows one to specify the usual half-equations, mainly obtained from substitution and from composition of arities, e.g., $\mathrm{app} \circ (\mathrm{abs} \times \mathrm{id})$. To a term of this data type, one could associate a family of morphisms of modules which constitutes the carrier of a half-equation: the algebraic properties (being a morphism of modules, which corresponds to the compatibility of substitution with meta-substitution in [FH10]) could be proved once and for all by induction.

More sophisticated type systems New programming languages tend to be equipped 
with more and more sophisticated type systems: dependent types allow to ensure 
properties of function output and thus secure plugging together of functions. 
Polymorphism allows for the reuse of code in various situations. An algebraic 
characterization of such sophisticated type systems with variable binding via a 
universal property is still missing. We hope to extend initiality results to encompass 
these type systems. 

A wider class of arities The present initiality theorems encompass arities, i.e. term 
constructors, of quite simple nature: the only operations considered are product — 
for constructors with multiple arguments — and context extension, for modelling 
variable binding. 

It would be desirable to consider more general term formers. Hirschowitz and Maggesi [HM12] have introduced a notion of strengthened arity which allows, for instance, to treat a term former of explicit flattening $\mu : T \circ T \to T$. Ultimately, we hope to find a very general simple criterion for arities and signatures for which an initial model can be provided.

A certified research tool The obtained results should, as we have already done for untyped syntax with reductions, be implemented in a theorem prover such as Coq. In this way, an initiality theorem may be used as a practical tool for easily experimenting with different languages. Changing a language would be done by simply changing its specifying signature, whereas all necessary data and properties such as certified substitution and iteration, but also reductions, would be provided by the system. For this computer implementation and suitable reduction rules, it would also be desirable to obtain automatically a reduction function $r$ in addition to the reduction relation. This reduction function might be validated against the relation in the sense that one may prove that for any term t, one has $t \le r(t)$.

The following section informally introduces the syntax and semantics of PCF and ULC, as it might be introduced in some computer science textbook. Our presentation of the lambda calculus is inspired by Barendregt and Barendsen's course [BB94], and that of PCF by Hyland and Ong's paper [HO00].

A.1. Syntax of Lambda Calculus and PCF

Let V be a countably infinite set (of variables). The syntax of ULC is given by

$$\Lambda ::= v \mid \Lambda @ \Lambda \mid \lambda v.\Lambda ,$$

where $v \in V$ varies over variables.

The programming language PCF is a typed language, more precisely a simply-typed 
language. It is given by 

• a set of sorts, 

• a set of terms and 

• a typing map associating a sort to any term. 

We take the presentation of PCF from Hyland and Ong's paper on full abstraction [HO00]. The sorts of PCF are constructed from two base sorts and a function type constructor:

$$T_{PCF} ::= \iota \mid o \mid T_{PCF} \Rightarrow T_{PCF} .$$

The terms of PCF are defined in two steps: at first, we define a set of raw terms, which actually contains more elements than we want. Afterwards, we define a well-typedness predicate on those raw terms. The terms of PCF then are the well-typed raw terms. The raw terms of PCF are given by the grammar of Fig. A.1.

Note that we use the same infix notation _@_ for application in PCF and ULC. We also write f(x) for f@x when no confusion can arise. The constants $c_A$ of sort A are the basic constants from logic and arithmetic, i.e. booleans T and F, natural numbers n, successor and predecessor as well as test for zero, and conditionals. They are listed in Fig. A.2.

    s ::= ⊥_A           undefined
        | c_A           constant
        | x_A           variable
        | s@s           application
        | λx:A.s        abstraction
        | Fix_A(s)      fixed point operator

Figure A.1.: Grammar of PCF



    n        : ι                   naturals (for n ∈ ℕ)
    T, F     : o                   boolean constants
    S        : ι ⇒ ι               successor
    pred     : ι ⇒ ι               predecessor
    zero?    : ι ⇒ o               test on zero
    cond_ι   : o ⇒ ι ⇒ ι ⇒ ι       conditional for naturals
    cond_o   : o ⇒ o ⇒ o ⇒ o       conditional for booleans

Figure A.2.: Constants of PCF



Instead of all raw terms from the definition of Fig. A.1 we only consider well-typed terms, that is, those raw terms that are typable according to the typing judgements of Fig. A.3.

    c_A : A          x_A : A          ⊥_A : A

    M : A ⇒ A          M : A_1 ⇒ A_2    N : A_1          M : A_2
    -------------      -----------------------      -------------------------
    Fix_A(M) : A            M@N : A_2                λx:A_1.M : A_1 ⇒ A_2

Figure A.3.: Typing rules of PCF



A.2. Semantics of Lambda Calculus and PCF

Functional programming languages such as PCF and ULC allow for computation by reduction, as explained in Sect. 1.2.6. The prime example of a reduction rule is the beta rule of ULC,

$$(\lambda x.M)N \to_{\beta} M[x := N] , \qquad (A.2.1)$$

where $M[x := N]$ denotes the term M where free occurrences of the variable x have been replaced by N in a capture-avoiding manner.

The above rule may be considered to "generate" beta reduction in the sense that we also consider

1. reductions in subterms such as in $\lambda x.(\lambda y.M)N$ and

2. chains of reductions, that is, reductions consisting of multiple steps.

Thus, to be more precise, what is usually called "beta reduction" is in fact the closure of the relation specified by the rule given in Disp. (A.2.1) under propagation into subterms as well as transitivity and reflexivity, denoted by $\twoheadrightarrow_{\beta}$ in Barendregt and Barendsen's course [BB94]. In general we associate three different relations to any set of reduction rules, see Sect. 1.2.6.

Reduction in PCF is given by a beta rule similar to Disp. (A.2.1) and several additional reduction rules concerning the fixed point operator and the logical and arithmetic constants. We list them using a small-step semantics as given in [HO00] or in Pitts' lecture notes on denotational semantics [Pit99]. Analogously to the lambda calculus with beta reduction, we denote by $\twoheadrightarrow_{PCF}$ the reduction relation obtained as closure under propagation into subterms as well as reflexivity and transitivity.



    (λx:A.M)(N)         ~>  M[x := N]
    Fix(g)              ~>  g(Fix(g))
    S(n)                ~>  n + 1
    pred(0)             ~>  0
    pred(S(n))          ~>  n
    zero?(0)            ~>  T
    zero?(S(n))         ~>  F
    cond_σ(T)(M)(N)     ~>  M          (σ ∈ {o, ι})
    cond_σ(F)(M)(N)     ~>  N          (σ ∈ {o, ι})

Figure A.4.: Reduction rules of PCF
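As an added example (not the thesis's Coq code), the following Python module gives the raw terms of Fig. A.1 and A.2, the typing judgement of Fig. A.3, and the small-step rules of Fig. A.4, which are the rules of Code 9.9 with the propagation of Code 9.10, as an interpreter for closed PCF programs. It deviates from Code 9.10 in one respect: reduction is never propagated under a Lam, so every term that gets substituted is closed and the naive named substitution cannot capture a variable. The sort encoding (strings for ι and o, pairs for ⇒) and constant names such as cond_nat are my own.

```python
from dataclasses import dataclass
# Added example, not the thesis's Coq code: PCF raw terms (Fig. A.1, A.2), the
# typing rules of Fig. A.3 and the reductions of Fig. A.4 (Code 9.9/9.10) on closed
# programs; nothing reduces under a Lam, so substituted terms are always closed.
NAT, BOOL = "iota", "o"                   # base sorts; a pair (A, B) encodes A => B

@dataclass(frozen=True)
class Num: n: int                         # the natural number constant n
@dataclass(frozen=True)
class Const: name: str                    # T, F, S, pred, zero?, cond_nat, cond_bool
@dataclass(frozen=True)
class Var: x: str
@dataclass(frozen=True)
class App: f: object; a: object
@dataclass(frozen=True)
class Lam: x: str; sort: object; body: object
@dataclass(frozen=True)
class Fix: sort: object; body: object

CONST_SORTS = {"T": BOOL, "F": BOOL, "S": (NAT, NAT), "pred": (NAT, NAT),
               "zero?": (NAT, BOOL), "cond_nat": (BOOL, (NAT, (NAT, NAT))),
               "cond_bool": (BOOL, (BOOL, (BOOL, BOOL)))}

class IllTyped(Exception): pass

def ill(msg):
    raise IllTyped(msg)

def typeof(t, env=None):
    """The sort of t under env, by the rules of Fig. A.3; raises IllTyped otherwise."""
    env = env or {}
    if isinstance(t, Num):
        return NAT
    if isinstance(t, Const):
        return CONST_SORTS[t.name]
    if isinstance(t, Var):
        return env[t.x] if t.x in env else ill(f"unbound variable {t.x}")
    if isinstance(t, Lam):                          # x:A1 |- M:A2  gives  λx:A1.M : A1 => A2
        return (t.sort, typeof(t.body, {**env, t.x: t.sort}))
    if isinstance(t, Fix):                          # M : A => A  gives  Fix_A(M) : A
        return t.sort if typeof(t.body, env) == (t.sort, t.sort) else ill("Fix body")
    fs, as_ = typeof(t.f, env), typeof(t.a, env)    # M : A1 => A2, N : A1  give  M@N : A2
    return fs[1] if isinstance(fs, tuple) and fs[0] == as_ else ill(f"{fs} applied to {as_}")

def well_typed(t):
    try:
        return typeof(t) is not None
    except IllTyped:
        return False

def subst(m, x, n):
    """M[x := N] for a closed N; stops at a Lam that rebinds x."""
    if isinstance(m, Var):
        return n if m.x == x else m
    if isinstance(m, App):
        return App(subst(m.f, x, n), subst(m.a, x, n))
    if isinstance(m, Lam):
        return m if m.x == x else Lam(m.x, m.sort, subst(m.body, x, n))
    if isinstance(m, Fix):
        return Fix(m.sort, subst(m.body, x, n))
    return m

def step(t):
    """One step of Fig. A.4 at the leftmost-outermost position, or None if none applies."""
    if isinstance(t, Fix):                                    # Fix(g) ~> g(Fix(g))
        return App(t.body, t)
    if not isinstance(t, App):
        return None
    f, a = t.f, t.a
    if isinstance(f, Lam):                                    # (λx:A.M)(N) ~> M[x := N]
        return subst(f.body, f.x, a)
    if isinstance(f, Const) and isinstance(a, Num) and f.name in ("S", "pred", "zero?"):
        return {"S": Num(a.n + 1), "pred": Num(max(a.n - 1, 0)),   # S(n) ~> n+1; pred(0) ~> 0,
                "zero?": Const("T" if a.n == 0 else "F")}[f.name]  # pred(S n) ~> n; zero? ~> T/F
    if (isinstance(f, App) and isinstance(f.f, App) and isinstance(f.f.f, Const)
            and f.f.f.name.startswith("cond_") and isinstance(f.f.a, Const)
            and f.f.a.name in ("T", "F")):                    # cond(T)(M)(N) ~> M, cond(F)(M)(N) ~> N
        return f.a if f.f.a.name == "T" else a
    f2 = step(f)                                              # otherwise propagate into subterms
    if f2 is not None:
        return App(f2, a)
    a2 = step(a)
    return None if a2 is None else App(f, a2)

def run(t, fuel=10000):
    for _ in range(fuel):                                     # reflexive-transitive closure of step
        nxt = step(t)
        if nxt is None:
            return t
        t = nxt
    raise RuntimeError("no normal form within fuel")

# The negation term of Code 9.11, and addition on naturals defined through Fix.
NOT = Lam("x", BOOL, App(App(App(Const("cond_bool"), Var("x")), Const("F")), Const("T")))
ADD = Fix((NAT, (NAT, NAT)), Lam("add", (NAT, (NAT, NAT)), Lam("m", NAT, Lam("n", NAT,
    App(App(App(Const("cond_nat"), App(Const("zero?"), Var("m"))), Var("n")),
        App(Const("S"), App(App(Var("add"), App(Const("pred"), Var("m"))), Var("n"))))))))
```

run(App(NOT, Const("T"))) yields Const("F"), and run(App(App(ADD, Num(2)), Num(3))) unfolds Fix until zero? succeeds and returns Num(5); an ill-typed raw term such as S applied to T is rejected by typeof before it is ever reduced.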